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H  Budget  Boosts  Seen  in  2004 


Security,  Web  services 
and  CRM  among  areas 
of  increased  spending 

BY  THOMAS  HOFFMAN 

Improved  corporate  revenue 
and  pent-up  demand  for  long- 
delayed  technology  projects 
are  expected  to  contribute  to  a 
3%  to  5%  increase  in  overall  IT 
spending  next  year,  according 
to  several  industry  researchers. 

And  as  IT  managers  enter 
the  final  stages  of  negotiating 
their  2004  technology  budgets 


with  CEOs  and  other  business 
executives,  initiatives  such  as 
security,  Web  services  and 
CRM  are  expected  to  benefit. 

However,  there  isn’t  una¬ 
nimity  on  the  likelihood  of  a 
rise  in  IT  investments  next 
year,  judging  by  comments  by 
IT  professionals  and  industry 
analysts  in  interviews  last 
week.  For  example,  Gartner 
Inc.  IDC  and  Alinean  LLC  are 
all  forecasting  small  spending 
increases.  But  Meta  Group 
Inc.  said  it  expects  IT  outlays 
Spending,  page  39 


IBM  Pushes 
DataCenter 
Provisioning 

Like  HP  and  Sun,  to 
offer  software  to  control 
computing  resources 

BY  THOMAS  HOFFMAN 

Looking  to  trump  offerings 
from  Hewlett-Packard  Co.  and 
Sun  Microsystems  Inc.,  IBM 
this  month  plans  to  begin 
rolling  out  a  set  of  in¬ 
telligent  system-pro¬ 
visioning  tools  that 
can  track  the  use  of 
mainframes,  servers  and  stor¬ 
age  devices  and  automatically 
redirect  data  flows  as  needed. 

IBM  this  week  will  an¬ 
nounce  an  initial  product 
that’s  primarily  focused  on 
redirecting  Internet  traffic 


among  different  Web  servers. 
Company  officials  said  that 
tool,  called  Tivoli  Intelligent 
Orchestrator  and  due  for  re¬ 
lease  late  this  month,  will  be 
joined  later  this  year  and  in 
2004  by  software  that  can  sup¬ 
port  CRM  systems  and  other 
complex  applications. 

The  overall  product  offer¬ 
ing,  code-named  Symphony,  is 
being  designed  to  help  IT 
managers  take  advantage  of 
underutilized  computing  re¬ 
sources  and  move  processing 
workloads  off  of  systems  that 
are  nearing  their  ca¬ 
pacity  thresholds. 

Frank  Webb,  a 
technology  manager 
at  insurer  American  Interna¬ 
tional  Group  Inc.  in  Jersey 
City,  N.J.,  said  many  IT  admin¬ 
istrators  would  likely  be  inter¬ 
ested  in  such  tools.  But  he  not¬ 
ed  that  IT  spending  “is  pretty 
Symphony,  page  39 
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Blaster  Worm  Linked  to 
Severity  of  Blackout 


Exposure  of  communications  flaws  heightens 
concerns  about  security  of  the  U.S.  power  grid 


BY  DAN  VERTON 

WASHINGTON 

The  W32.Blaster  worm  may 
have  contributed  to  the  cascad¬ 
ing  effect  of  the  Aug.  14  black¬ 
out,  government  and  industry 
experts  revealed  last  week. 

On  the  day  of  the  blackout, 
Blaster  degraded  the  perfor¬ 
mance  of  several  communica¬ 
tions  lines  linking  key  data 
centers  used  by  utility  compa¬ 
nies  to  manage  the  power  grid, 
the  sources  confirmed. 

“It  didn’t  affect  the  [control] 


INSIDE 

Power  grid  IT  contract 
up  for  bid.  ige  4 


systems  internally,  but  it  most 
certainly  affected  the  timeli¬ 
ness  of  the  data  they  were  re¬ 
ceiving  from  other  networks,” 
said  Gary  Seifert,  a  researcher 
at  the  U.S.  Department  of  En¬ 
ergy’s  Idaho  National  Engi¬ 
neering  and  Environmental 
Laboratory  in  Idaho  Falls,  re¬ 
ferring  to  flow-control  and 


load-balancing  data  that’s 
transmitted  over  public  tele¬ 
communications  networks.  “It 
certainly  compounded  the 
problems”  relating  to  the  con¬ 
gestion  of  key  communica¬ 
tions  links  used  by  utilities  to 
coordinate  contingency  ef¬ 
forts,  Seifert  added. 

The  inability  of  critical  con¬ 
trol  data  to  be  exchanged 
quickly  across  the  grid  could 
have  hampered  the  operators’ 
ability  to  prevent  the  cascading 
effect  of  the  blackout,  he  said. 
Seifert  stressed,  however,  that 
no  one  is  certain  at  this  point 

Blackout,  page  4 


Bootleg  IT  projects  are 
a  fact  of  corporate  life,  a 
Computerworld  survey 
shows,  from  the  unautho¬ 
rized  CRM  package  in  the 
marketing  department  to 
the  Linux  machine  that 
comes  in  the  back  door. 
Savvy  CIOs  are  learning 
how  to  cope.  Page  27 
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Introducing  Microsoft  Windows  Server  2003.  Do  more  with  less. 


You’re  being  asked  to  do  more.  You’re  being  asked  to  do  it  with  less.  Microsoft*  Windows  Server  2003  is  designed  to 
help  you  manage  these  opposing  forces  with  powerful  server  consolidation  capabilities  that  increase  efficiency,  decrease 
man-hours,  and  lower  your  total  cost  of  ownership.  Download  your  free  evaluation  copy  of  Windows  Server  2003  at 
microsoft.com/windowsserver2003  Software  for  the  Agile  Business. 

Information  Resources,  Inc.  (IRI)  manages  over  122  terabytes  of  data  to  provide  consumer  behavior  insights,  advanced  analytics,  and 
decision  analysis  tools  for  some  of  the  largest  consumer  packaged  goods,  healthcare,  retail,  and  financial  companies  in  the  world.  To  meet 
increasing  demand  for  faster,  more  granular  business  intelligence  while  reducing  costs,  IRI  is  using  64-bit  editions  of  Windows  Server  2003 
and  SQL  Server 2000  on  an  Intel  Itanium  2  system  to  deliver  faster  answers  to  its  customers.  The  result?  IRI  will  be  able  to  process  more 
queries,  using  a  fraction  of  the  number  of  servers  while  realizing  significant  cost  savings  and  improving  customer  service. 


HE  RIGHT  PIECE 
RINGS  IT  ALL 


Imagine  giving 


on  blade  servers 


Thanks  to  the  blade  server  platform,  you've 
reduced  everything — server  size,  space,  cables, 
management  overhead  and  most  importantly, 
costs.  But  then  you  realize  that  even  when 
consolidated,  the  new  server  platform  still  has 
to  meet  the  same  demands:  it  has  to  be  highly 
available,  secure,  scalable  and  completely 
reliable  in  its  performance. 


How  do  you  meet  those  demands  without  '■ 
sacrificing  all  you've  just  gained?  F5's  BIG-IP® 
Blade  Controller  software  provides  traffic 
management  that  virtualizes  and  load  balances 
the  blade  server  environment.  Now  you  can  pool 
blades  and  concentrate  their  power,  route  traffic 
to  those  that  are  performing  well,  and  manage 
them  as  a  single  entity.  And  with  BIG-IP  Blade 
Controller  loaded  directly  onto  blade  servers, 
you're  guaranteed  to  achieve  the  high 
availability  performance  it  takes  to  reliably 
deliver  applications. 


Give  your  imagination  free  reign  and  your 
bottom  line  room  to  grow. 

Visit  www.f5.com/bccw  to  learn  more  and 
experience  a  flash  demo.  Or  call  800-916-7185 


Corporate  Express  Goes  Direct 

In  the  Technology  section:  Corporate  Express,  a 
$5.5  billion  office  products  supplier,  improved 
service  and  cut  costs  when  VPs  Bret  Mclniss 
(far  left)  and  Wayne  Aiello  integrated  its  sup¬ 
ply  systems  with  those  of  its  customers.  Page  17 
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Principles 
of  the 

Business  Rule 
Approach 
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09.01.03 


Business  Rules  Come  First 

In  the  Management  section:  Don’t  start  an  IT 
project  without  a  clear  set  of  written  rules  about 
the  way  your  company  conducts  business,  advises 
author  Ronald  G.  Ross  in  this  excerpt  from  his  book 
Principles  of  the  Business  Rule  Approach.  Page  30 
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5  Inadequate  IT  at  NASA  con¬ 
tributed  to  the  Columbia  dis¬ 
aster,  according  to  the  panel 
that  investigated  the  crash. 

5  RFID  technology  is  a  threat  to 
personal  privacy,  say  critics. 

6  PeopleSoft  renews  its  anti- 
Oracle  refund  offer,  but  Ora¬ 
cle  calls  it  a  gimmick. 

8  Automated  patch  manage¬ 
ment  tools  are  attracting 
users  seeking  better  protec¬ 
tion  from  security  threats. 

8  Network  Associates  unveils 
network  and  security  manage¬ 
ment  tools  for  small  and  mid¬ 
size  businesses. 

9  A  military  unit  expands  its 

deployment  of  network  man¬ 
agement  tools  and  robotic 
PCs  to  monitor  the  perfor¬ 
mance  of  a  logistics  system. 

9  Dell  releases  network  man¬ 
agement  software,  and  Dell 
PowerConnect  switch  users 
will  get  it  for  free. 

10  The  nation’s  first  automated 
emergency  alert  network  is 
deployed  in  Oregon. 

10  Security  vendor  Sanctum  up¬ 
grades  tools  for  detecting  se¬ 
curity  flaws  in  software  dur¬ 
ing  the  development  phase. 

11  New  international  banking 

laws  will  require  changes  in 
banks’  IT  infrastructures. 

11  McData  aims  to  improve  its 

storage  switch  technology 
through  acquisitions. 


20  Stretching  Tape  Technology. 

IT  administrators  may  com¬ 
plain,  but  tape  will  be  around 
for  at  least  another  10  years. 
Here’s  why. 

22  Future  Watch:  Genoa  II:  Man 
and  Machine  Thinking  as 
One.  Future  technologies  will 
make  it  possible  for  humans 
and  computers  to  “think  to¬ 
gether”  in  real  time  to  pre¬ 
empt  terrorist  threats. 


23  Security  Manager’s  Journal: 
New  Spam  Policy:  Return  to 
Sender.  Vince  Tuesday’s 
strategy  to  automatically  re¬ 
turn  suspected  spam  before  it 
can  hit  users’  in-boxes  works 
perfectly  —  almost. 

MANAGEMENT 

27  Dealing  With  Rogue  IT.  Wild¬ 
cat  projects  are  going  on  with¬ 
out  the  knowledge  or  over¬ 
sight  of  IT  departments 
everywhere.  Sometimes  they 
make  a  lot  of  sense  for  the 
company,  but  sometimes 
they’re  disasters. 

29  Global  Toolbox.  Managers  are 
using  various  tools  —  such  as 
procurement  software  and 
videoconferencing  —  for 
managing  contract  develop¬ 
ment  being  done  overseas. 


6  On  the  Mark:  Mark  Hall  gets 
an  earful  from  Sun  on  Java 
handheld  security,  and  he  also 
learns  about  the  cost  of  spam 
filters  that  eliminate  impor¬ 
tant  e-mail. 

12  Maryfran  Johnson  thinks  IT 
managers  should  seek  part¬ 
nerships  with  business  units 
that  have  started  their  own 
rogue  IT  projects. 

12  Pimm  Fox  surrenders  to  the 
spammers  and  virus  creators 
who  have  ruined  e-mail’s 
value.  But  he’s  found  a  pos¬ 
sible  alternative. 

13  Thornton  May  argues  that 
world-class  IT  operations 
have  a  new  view  on  what  it 
means  to  be  a  true  IT  hero. 

24  Paul  A.  Strassmann  says  it’s 
hard  to  make  a  case  for  IT 
spending  that’s  mostly  for 
creaky  infrastructure. 

32  Paul  Glen  believes  the  work 
of  archaeologists  offers 
lessons  for  IT  teams. 

40  Frankly  Speaking:  Frank 

Hayes  celebrates  a  rather 
bleak  Labor  Day  for  IT  work¬ 
ers  with  some  good  news 
about  how  valuable  your  tech¬ 
nology  skills  are  to  business 
performance. 
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How  are  you  coping  with  the  recent 
worm-generated  e-mail  flood? 


Adjusted 

gateway 

settings 


Isn’t  a 
problem 


Adjusted 
user  e-mail/ 
spam  filters 


Shut  down  some 
e-mail  accounts 


©  Take  this  week's  QuickPoll  at  www.computerworld.com. 
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J2EE  vs  .Net:  The  Choice 
Depends  on  Your  Needs 

DEVELOPMENT:  The  two  platforms  are 
remarkably  similar,  and  incorporating  a 
service-oriented  architecture  is  a  more 
important  concern.©  QuickLink 40744 

A  Look  at  Apple’s  Power  Mac  G5s 

MACINTOSH:  Computer  consultant  and 
Macintosh  technician  Michael  de  Agonia 
looks  at  Apple’s  evolving  enterprise-centric 
efforts.  ©  QuickLink  40865 


How  to  Succeed  at 
Supply  Chain  Collaboration 

SOFTWARE:  Prescient’s  Jane  Hoffer  offers 
tips  on  implementing  a  vendor-managed 
inventory  program.  ©  QuickLink  40835 
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On  some  pages  in 
this  issue,  you'll  see 
a  QuickLink  code  pointing 
to  additional,  related  con¬ 
tent  on  our  Web  site.  Just 
enter  that  code  into  our 
QuickLink  box,  which 
you’ll  see  at  the  top  of 
each  page  on  our  site. 
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Suspect  Arrested 
For  Blaster  Variant 


The  FBI  arrested  a  Minnesota 
teenager  who  is  suspected  of  de¬ 
veloping  a  copycat  variant  of  the 
W32.Blaster  worm,  which  targets 
a  security  hole  in  Windows.  Jef¬ 
frey  Lee  Parson,  18,  of  Hopkins, 
Minn.,  was  being  held  on  one 
count  of  intentionally  causing  or 
attempting  to  cause  damage  to  a 
computer,  officials  said.  Authori¬ 
ties  allege  that  Parson  created  a 
so-called  B-variant  of  Blaster  and 
unleashed  it  via  the  Internet.  (For 
more  details,  go  to  our  Web  site: 
QuickLink  40983.) 


Boeing,  IBM  Sign 
Voice  IT  Contract 

IBM  said  it  has  won  a  three-year 
contract  worth  an  estimated  $160 
million  to  manage  The  Boeing 
Co.’s  worldwide  voice  communi¬ 
cations  network.  As  part  of  the 
deal,  IBM  and  Verizon  Communi¬ 
cations  will  install  a  new  voice 
management  system  for  Chicago- 
based  Boeing’s  U.S.  operations. 
IBM  is  also  offering  Boeing  vari¬ 
able  pricing  on  telephony  systems 
and  other  technologies. 


Lockheed  Martin 
Wins  FBI  IT  Deal 

Lockheed  Martin  Corp.  in  Bethes- 
da,  Md.,  said  it  has  been  awarded 
a  five-year,  $140  million  contract 
to  be  the  systems  integrator  on 
the  FBI’s  Technology  Infusion 
Program.  The  project  is  part  of  a 
plan  by  the  FBI  to  develop  a  new 
enterprisewide  IT  security  archi¬ 
tecture  that’s  aimed  at  better  pro¬ 
tecting  key  data  assets. 


Short  Takes 

SUN  MICROSYSTEMS  INC.  and 
SIEBEL  SYSTEMS  INC.  this  week 
plan  to  announce  a  joint  develop¬ 
ment  deal  aimed  at  optimizing  the 
performance  of  Siebel’s  CRM 
software  on  Sun  Solaris  servers. 

. . .  PEOPLESOFT  INC.  said  it  has 
bought  the  remaining  shares  of 
.1.0.  EDWARDS  &  CO.  (See  related 
story,  page  6.) 


Continued  from  page  1 

Blackout 

what  caused  the  blackout. 

A  former  Bush  administra¬ 
tion  adviser  who  has  consult¬ 
ed  with  the  U.S.  Department 
of  Homeland  Security  on  the 
power  grid  issue  said  the 
Blaster  worm  also  hampered 
the  ability  of  utilities  in  the 
New  York  region  to  restore 
power  in  a  more  timely  man¬ 
ner  because  some  of  those 
companies  were  running  Win¬ 
dows-based  control  systems 
with  Port  135  open  —  the  port 
through  which  the  worm  at¬ 
tacked  systems. 

Utilities  that  responded  to 
requests  for  comment  for  this 
article  said  they  weren’t  ad¬ 
versely  affected. 

Carol  Murphy,  vice  presi¬ 
dent  of  government  affairs  at 
the  New  York  Independent 
System  Operator,  acknowl¬ 
edged  that  Blaster  affected  the 
utility  but  said  the  problem 
was  handled  quickly,  with  no 
impact  on  power  restoration 
operations.  Joe  Petta,  a  spokes¬ 
man  for  Consolidated  Edison 
Company  of  New  York  Inc., 
said  there  were  “absolutely  no 
computer-related  problems  of 
any  sort  that  delayed  our 
restoration  effort.” 

The  control  systems  re¬ 
ferred  to  by  Seifert,  also 
known  as  supervisory  control 
and  data  acquisition  (SCADA) 
systems,  are  used  to  manage 
large  industrial  operations, 
such  as  the  natural  gas  and 
electric  power  grids.  They’re 
often  based  on  Windows  2000 
or  XP  operating  systems  and 
rely  on  commercial  data  links, 
including  the  Internet  and 
wireless  systems,  for  exchang¬ 
ing  information. 

Scott  Charney,  chief  securi¬ 
ty  strategist  at  Microsoft 
Corp.,  said  that  Blaster  raised 
a  security  and  network  perfor¬ 
mance  issue  for  all  Microsoft 
customers  and  that  there  was 
nothing  unique  about  the  elec¬ 
tric  power  industry. 

Joe  Weiss,  a  control  system 
expert  and  executive  consul¬ 
tant  at  Cupertino,  Calif. -based 
Kema  Consulting  Inc.,  said 
that  in  the  Blaster  case,  the 
power  grid  fell  victim  to  a 


worm  that  attacked  the  com¬ 
munications  infrastructure. 

However,  the  control  sys¬ 
tems  themselves  are  also  at 
risk. 

Current  and  former  energy 
industry  executives,  as  well  as 
the  former  Bush  administra¬ 
tion  security  adviser,  told 
Computerworld  on  condition 
of  anonymity  that  the  January 
outbreak  of  the  Slammer 
worm  affected  the  real-time 
control  environment  of  “sev¬ 
eral”  utility  companies  around 
the  country. 

One  of  those  companies  was 
Akron,  Ohio-based  FirstEner¬ 
gy  Corp.  Although  FirstEnergy 
has  said  publicly  that  Slammer 
didn’t  infect  any  of  the  control 
systems  at  its  Davis-Besse  nu¬ 
clear  power  plant  in  Oak  Har¬ 
bor,  Ohio,  knowledgeable 
sources  said  the  worm  did 
cause  disruptions.  However, 
the  plant  was  in  “cold  shut¬ 
down  maintenance  mode”  and 
wasn’t  producing  electricity  at 
the  time,  the  sources  said. 
FirstEnergy  didn’t  respond  to 
a  request  for  comment. 

“Because  Slammer  didn’t 
cause  any  loss  of  power,  it 


AT  A  GLANCE 


Recommendations 
For  SCADA  Security 

■  Protect  SCADA  system  net¬ 
works  from  the  Internet  and  other 
company  networks  via  firewalls. 

■  Firewall  rules  should  deny  all 
network  traffic  that  isn’t  specifi¬ 
cally  required  for  the  operation  of 
the  critical  system  and  supported 
operations. 

■  For  open  ports,  restrict  traffic 

to  those  addresses  from  which  such 
traffic  is  expected. 

■  Do  not  permit  VPN  tunneling 

through  the  SCADA  network  securi¬ 
ty  perimeter. 

■  Restrict  remote  access  to 
SCADA  networks. 

SOURCE:  NORTH  AMERICAN  ELECTRIC 
RELIABILITY  COUNCIL 


wasn’t  reported  by  the  utilities 
that  were  infected,”  said  an  in¬ 
dustry  executive  who  had  dis¬ 
cussions  with  utility  officials. 

A  spokesperson  for  the 
North  American  Electric  Reli¬ 
ability  Council  (NERC),  which 
is  helping  to  spearhead  a  task 
force  to  study  the  causes  of 


last  month’s  blackout,  de¬ 
clined  to  comment  on  the  role 
the  Blaster  worm  may  have 
played.  However,  a  NERC  re¬ 
port  dated  June  20,  2003, 
shows  that  the  Slammer  worm 
had  a  significant  impact  on 
some  utilities. 

In  one  case,  a  server  on  a 
control  center  LAN  running 
Microsoft’s  SQ.L  Server  wasn’t 
patched,  according  to  the  re¬ 
port.  “The  worm . . .  apparent¬ 
ly  [migrated]  through  the  cor¬ 
porate  networks  until  it  finally 
reached  the  critical  SCADA 
network  via  a  remote  comput¬ 
er  through  a  VPN  connec¬ 
tion,”  the  report  states.  As  a 
result,  “the  worm  propagated, 
blocking  SCADA  traffic.” 

In  a  second  case  documented 
by  Princeton,  N.J.-based  NERC, 
a  frame-relay-based  control 
network  using  Asynchronous 
Transfer  Mode  “became  over¬ 
whelmed  by  the  worm,  block¬ 
ing  SCADA  traffic.”  I 


COMPLETE  COVERAGE 

Read  our  “Blackout  2003”  special 
coverage  on  our  Web  site: 

QuickLink  a3550 
www.computerworld.com 


be  for  the  larger  national  grid. 

The  natural  gas  industry  has 
used  modeling  and  simulation  for 
several  years  to  improve  decision¬ 
making  during  crises. 

“We  used  modeling  and  simu¬ 
lation  this  past  year  when  looking 
at  the  potential  for  disruption  in 
the  interstate  pipelines  due  to  ter¬ 
rorism,"  said  Gary  Gardner,  CIO  of 
the  Washington-based  American 
Gas  Association.  However,  “the 
nature  of  gas  pipelines  is  such 
that  you  can  more  easily  segment 
and  reroute  supply,”  he  said. 

Joe  Weiss,  an  analyst  at  Kema 
Consulting  and  a  former  technical 
manager  at  the  EPRI,  said  indus¬ 
try  standards  are  critical. 

“Standards  are  currently  being 
developing  in  numerous  different 
standards  organizations,  both  in 
North  America  and  internationally. 
There  is  a  need  for  integration  be¬ 
tween  these  different  standards 
organizations”  before  any  major 
modernization  program  can  move 
forward,  he  said. 

-Dan  Vertcn 


Power  Grid  IT  Contract  Up  for  Bid 


WASHINGTON 


The  electric  power  industry  this 
week  plans  to  take  the  first  step  in 
a  $100  billion  modernization  pro¬ 
gram  by  requesting  bids  for  a  con¬ 
tract  to  develop  an  advanced 
modeling  and  simulation  system 
capable  of  advising  utilities  on 
what  actions  to  take  in  the  event 
of  a  local  power  failure. 

The  contract  process  is  being 
spearheaded  by  the  Electricity  In¬ 
novation  Institute  (Ell),  a  high- 
tech  research  and  development 
arm  of  the  Palo  Alto,  Calif. -based 
Electric  Power  Research  Institute 
(EPRI). 

The  technological  centerpiece 
of  the  EPRI  plan  is  what's  known 
in  the  energy  industry  as  a  “smart 
grid”  capable  of  monitoring  its 
own  health  at  all  times.  It  would 
alert  officials  immediately  when 
problems  arise  and  automatically 
take  corrective  actions  that  en¬ 
able  the  grid  to  fail  gracefully  and 
prevent  a  local  failure  from  cas¬ 


cading  out  of  control,  as  occurred 
on  Aug.  14. 

T.  J.  Glauthier,  CEO  of  the  Ell, 
said  the  group  plans  to  start 
demonstration  projects  and  small- 
scale  deployments  of  the  model¬ 
ing  and  simulation  system  in  less 
than  five  years.  He  said  real-time 
vulnerability  assessments  are 
possible  in  a  year.  Glauthier  said 
the  bids  are  being  requested  for  a 
“multimillion-dollar”  contract,  but 
he  declined  to  elaborate  on  cost 
expectations. 

“Right  now,  there  are  sensors 
in  some  places,  but  not  through¬ 
out  the  whole  grid,”  said  Glau¬ 
thier.  “So  utilities  don’t  have  a 
good  instantaneous  picture  of 
what’s  happening.” 

The  goal  is  for  all  of  the  na¬ 
tion’s  utilities  to  have  the  model¬ 
ing  tools  necessary  to  simulate 
failures  and  their  responses.  That 
will  allow  them  to  determine  in 
near  real  time  what  the  conse¬ 
quences  of  those  actions  might 
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Use  of  RFID  Flaises 
Privacy  Concerns 


‘Smart’  tags  could 
profile  consumers, 
critics  contend 


BY  JAIKUMAR  VIJAYAN 

Privacy  concerns  re¬ 
lated  to  the  use  of  ra¬ 
dio  frequency  identifi¬ 
cation  (RFID)  tech¬ 
nology  got  an  airing  at  a  re¬ 
cent  California  state  legisla¬ 
tive  hearing. 

RFID  is  a  nascent  technolo¬ 
gy  that’s  expected  to  eventual¬ 
ly  replace  bar  codes.  It  uses 
low-powered  radio  transmit¬ 
ters  to  read  data  stored  in  tags 
that  are  embedded  with  tiny 
chips  and  antennas. 

Proponents  of  the  technolo¬ 
gy  say  such  “smart”  tags  can 
store  more  detailed  informa¬ 
tion  than  conventional  bar 
codes,  enabling  retailers  and 
manufacturers  to  track  items 
at  the  unit  level. 

But  privacy  advocates  who 
testified  at  the  California 
hearing  late  last  month  said 
the  technology  has  the  poten¬ 
tial  to  seriously  infringe  on 
personal  privacy. 

“If  ever  there  was  a  technol¬ 
ogy  calling  for  public-policy 
assessment,  it  is  RFID,”  said 
Beth  Givens,  director  of  the 
Privacy  Rights  Clearinghouse, 
an  advocacy  organization  in 
San  Diego.  “RFID  is  essential¬ 
ly  invisible  and  can  result  in 
both  profiling  and  locational 
tracking  of  consumers  without 
their  knowledge  or  consent.” 

Placing  RFID  tags  on  con¬ 
sumer  products  will  allow 
merchants  to  capture  personal 
information  about  shoppers, 
Givens  said. 

For  example,  the  informa¬ 
tion  contained  on  RFID  tags 
could  be  picked  up  by  readers 
in  a  store  to  reveal  where  a 
consumer  purchased  an  item 
or  how  much  he  paid  for  it. 
This  could  result  in  unaccept¬ 
able  profiling  of  consumers, 
she  said. 


The  unique  information 
contained  in  each  RFID  tag 
could  also  be  captured  by  vari¬ 
ous  readers  and  used  to  track 
a  person’s  movements  through 
tollbooths,  public  transporta¬ 
tion  and  airports,  Givens  said. 

“So  far,  the  development 
and  implementation  of  RFID 
has  been  done  in  a  public- 
policy  void.  What  is  needed 
is  a  formal  technology  assess¬ 
ment  process  to  be  done  by 
some  sort  of  a  nonpartisan 
body  comprised  of  all  stake¬ 
holders,  including  con¬ 
sumers,”  she  said. 


That  sentiment  was  echoed 
by  Liz  McIntyre,  a  spokes¬ 
woman  for  Consumers 
Against  Supermarket  Privacy 
Invasion  and  Numbering,  a 
consumer  advocacy  group 
that  also  testified  at  the 
hearing. 

“Without  some  sort  of  over¬ 
sight,  this  technology  could 
create  a  very  frightening  soci¬ 
ety,”  McIntyre  said. 

“RFID  per  se  is  not  the  big 
issue,”  said  Greg  Pottie,  an  en¬ 
gineer  at  the  Center  for  Em¬ 
bedded  Network  Sensing  at 
the  University  of  California  at 


Responsible  RFID 


Privacy  advocates  insist  that: 

■  Individuals  have  a  right  to  know 
that  products  contain  RFID  tags. 

■  Individuals  also  must  know 
when,  where  and  why  RFID 
tags  are  being  read. 

■  Individuals  have  the  right  to 
have  RFID  tags  removed  or 
permanently  deactivated  when 
they  purchase  products  or  other¬ 
wise  obtain  items  containing 
RFID  tags. 

■  Merchants  must  be  prohibited 
from  coercing  customers  into 
keeping  the  tags  “live”  on  the 
product. 

■  The  default  option  -  whether 
to  disable  a  tag  or  keep  it  “live” 

-  must  be  to  disable  it. 

SOURCE:  PRIVACY  RIGHTS  CLEARINGHOUSE 


Los  Angeles.  “The  major  ques¬ 
tions  relate  to  sharing  of  digi¬ 
tal  information,  however  that 
information  is  collected.” 

A  representative  from  AIM 
Inc.,  The  Association  for  Au¬ 
tomatic  Identification  and 
Data  Capture  Technologies,  a 
Pittsburgh-based  proponent  of 
the  use  of  RFID  technology, 
also  testified  at  the  hearing 
but  didn’t  return  calls  seeking 
comment.  However,  the  orga¬ 
nization  has  created  a  work¬ 
group  that’s  focused  on  ad¬ 
dressing  privacy  concerns 
relating  to  RFID. 

According  to  the  organiza¬ 
tion’s  Web  site,  it  believes  that 
“RFID  presents  no  more  of  a 
threat  to  individual  privacy 
than  the  use  of  cell  phones, 
toll  tags,  credit  cards,  the  use 
of  ATM  machines  and  access- 
control  badges.”  > 


Inadequate  Systems  Play  Role  in 
Columbia  Disaster,  Report  Finds 

Agency  failed  to  integrate  critical  data 


BY  DAN  VERTON 

WASHINGTON 

Spaceflight  is  an  inherently 
risky  business,  but  the  Nation¬ 
al  Aeronautics  and  Space  Ad¬ 
ministration’s  reliance  on 
e-mail  and  a  flimsy  spread¬ 
sheet  application  helped  turn 
risk  into  disaster. 

That’s  one  of  the  main  con¬ 
clusions  of  last  week’s  long- 
awaited  final  report  by  the  Co¬ 
lumbia  Accident  Investigation 
Board  (CAIB).  The  board  con¬ 
cluded  that  “deficiencies  in 
communication  . . .  were  a 
foundation  for  the  Columbia 
accident.” 

The  CAIB,  chaired  by  re¬ 
tired  Navy  Adm.  Hal  Gehman, 
painted  a  picture  of  a  massive 
bureaucracy  that  relied  on  in¬ 
formal  e-mail  communications 
to  manage  the  in-flight  analy¬ 
sis  of  the  damage  to  Colum¬ 
bia's  left  wing  by  a  piece  of  in¬ 
sulating  foam  that  broke  loose 
during  takeoff. 

This  led  to  a  series  of  dis¬ 
cussions  that  took  place  in  a 
vacuum,  with  little  or  no 


cross-organizational  commu¬ 
nications  and  often  no  feed¬ 
back  from  senior  managers 
contacted  by  low-level  engi¬ 
neers  with  concerns  about  the 
shuttle’s  safety,  the  report  said. 

In  its  attempt  to  answer  why 
a  seemingly  IT-sawy  agency 
would  rely  on  little  more  than 
e-mail  to  communicate  critical 
analyses,  the  CAIB  discovered 
that  there  were  deficiencies  in 
problem-  and  waiver-tracking 
systems,  and  that  the  exchange 
of  communications  across 
NASA  hierarchy  was  limited. 
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A  major  element  in  NASA’s 
management  and  decision¬ 
making  failures  was  its  inabili¬ 
ty  to  integrate  critical  safety 
information  and  analysis,  the 
report  said.  “The  agency’s  lack 
of  a  centralized  clearinghouse 
for  integration  and 
safety  further  hin¬ 
dered  safe  opera¬ 
tions,”  it  said. 

And  while  NASA 
does  have  an  auto¬ 
mated  system  in 
place  to  track  so-called  critical 
items  related  to  safety,  “the  in¬ 
formation  systems  supporting 
the  shuttle  —  intended  to  be 
tools  for  decision-making  — 
are  extremely  cumbersome 
and  difficult  to  use  at  any 
level,”  the  report  said. 

“The  Lessons  Learned  In¬ 
formation  System  database 
is  a  much  simpler  system  to 
:  use,  and  it  can  assist  with 
hazard  identification  and 
risk  assessment,”  the  board 
concluded.  “However,  per¬ 
sonnel  familiar  with  the 
Lessons  Learned  Informa¬ 
tion  System  indicate  that  de¬ 
sign  engineers  and  mission 


To  read  the  CAIB  re¬ 
port  and  transcripts 
of  NASA’s  response, 
visit  our  Web  site: 
OQuickLink  a3570 
computerworld.com 


assurance  personnel  use  it 
only  on  an  ad  hoc  basis,  there¬ 
by  limiting  its  utility.” 

The  CAIB  report  also 
slammed  NASA  for  its  re¬ 
liance  on  a  modeling  and  sim¬ 
ulation  tool  called  Crater  that 
was,  in  the  board’s  opinion, 
“inadequate”  to  evaluate  the 
damage  caused  to  Columbia 
by  the  foam  impact. 

In  fact,  Crater  is  nothing 
more  than  a  spreadsheet  that 
matches  the  size  of  debris 

strikes  with  damage 
to  protective  heat 
tiles  based  on  tests 
and  observations 
from  previous  shut¬ 
tle  flights. 

NASA  Adminis¬ 


trator  Sean  O’Keefe  said  the 
agency  plans  within  the  next 
30  days  to  establish  a  NASA 
Engineering  and  Safety  Center 
to  act  as  the  central  clearing¬ 
house  for  all  safety  data  inte¬ 
gration  and  collaboration  as 
recommended  in  the  report. 

In  addition,  he  said,  engi¬ 
neers  will  be  researching  ways 
to  communicate  more  data 
from  shuttle  sensors  to  ground 
control  centers  to  give  offi¬ 
cials  more  accurate  real-time 
data.  They  will  also  work  on 
improving  the  digitization  of 
shuttle  engineering  drawings 
to  expedite  safety  investiga¬ 
tions,  O’Keefe  said.  > 
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CA  Agrees  to  Settle 
Class-Action  Suits 


Computer  Associates  Interna¬ 
tiona!  Inc.  said  it  has  agreed  to 
settle  three  class-action  lawsuits 
that  were  filed  five  years  ago 
over  its  accounting  practices.  CA 
will  take  a  pretax  charge  of  $144 
miiiion  during  its  current  quarter 
to  cover  the  deal,  under  which  it 
will  issue  up  to  5.7  million 
shares  of  new  stock.  The  settle¬ 
ment  won’t  affect  ongoing  gov¬ 
ernment  investigations  of  CA’s 
accounting  policies,  the  Islandia, 
N.Y.-based  company  said. 


Siebel  Adopts  New 
Governance  Rules 

Siebel  Systems  Inc.  in  San  Ma¬ 
teo,  Calif.,  plans  to  make  several 
corporate  governance  changes 
as  part  of  an  agreement  to  settle 
an  excessive-compensation  law¬ 
suit  filed  last  year  by  the  Teach¬ 
ers’  Retirement  System  of 
Louisiana.  Among  other  steps, 
the  CRM  software  vendor  said  it 
will  add  a  new  board  member 
and  ensure  that  only  outside  di¬ 
rectors  serve  on  its  executive 
compensation  committee. 


Amazon  Targets 
E-mail  Spoolers 

Amazon.com  Inc.  said  it  has  filed 
11  lawsuits  against  online  mar¬ 
keters  in  the  U.S.  and  Canada, 
claiming  that  they  illegally  used 
its  name  in  spam  e-mail.  One  of 
the  alleged  e-mail  forgers  has 
agreed  to  a  settlement,  it  added. 
The  Seattle-based  online  retailer 
said  it’s  working  with  Internet 
service  providers  to  find  techni¬ 
cal  ways  to  make  it  harder  to 
spoof  e-mail  addresses. 


Short  Takes 

SILICON  GRAPHICS  INC.  said  it 
will  cut  600  more  jobs,  reducing 
its  workforce  to  a  total  of  3,000 
employees. ...  SUN  MICROSYS¬ 
TEMS  INC.  and  HITACHI  LTD.  ex¬ 
tended  through  2006  a  deal  un¬ 
der  which  Sun  resells  Hitachi- 
made  storage  devices. 
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MARK  HALL  ■  ON  THE  MARK 

Sun  Disputes  Claim 
That  Java  Handhelds . . . 

. . .  lack  the  security  of  other  Java  systems  [QuickLink  40320].  Tim 
Lindholm,  CTO  of  Sun’s  consumer  and  mobile  systems  group,  ac¬ 
knowledges  that  a  Java-ready  cell  phone  doesn’t  have  everything  in 
your  desktop’s  Java  virtual  machine.  But  to  imply  that  a  mobile  de¬ 
vice’s  JVM  is  less  secure,  “is  something  we  think  is  an  oversimplifica¬ 
tion,”  he  argues.  He  says  the  famous  Java  “sandbox”  that  refuses  to 
execute  code  outside  of  its  domain,  thus  ensuring  software  security, 


remains  in  force.  There  are  more  than 
100  million  Java  devices  on  the  market, 
and  “we’ve  never  had  anyone  break  the  basic 
sandbox,”  he  claims.  Some  class  libraries 
that  handle  cryptographic  functions  were 
the  only  things  removed  from  a  hand¬ 
held’s  JVM.  Those  are  important  features, 
but  Lindholm  suggests  that  the  move  is¬ 
n’t  so  much  a  security  problem  for  users 
as  it  is  “an  inconvenience  for  program¬ 
mers”  who  want  to  encrypt  data  to  and 
from  the  handset.  And  Java  mobile  units 
will  get  even  more  secure  next  quarter  when 
device  vendors  start  ship¬ 
ping  Java  handhelds  with 
secure  HTTP,  which  will 
handle  encryption  via  Se¬ 
cure  Sockets  Layer.  ■  Part 
of  the  problem  that  faces  Web 
developers  using  Java,  claims 
Hollis  Tibbetts,  vice  presi¬ 
dent  of  marketing  at  M7 
Corp.  in  Cupertino,  Calif.,  is 
that  “as  you  start  adding 
multiple  back-end  systems 
and  packaged  applications 
along  with  business  proc¬ 
esses,  Java  becomes  diffi¬ 
cult  to  maintain.”  To  the 


rescue  in  three  weeks  will  be  the  release 
of  the  company’s  upgraded  Java  develop¬ 
er  suites,  M7  Enterprise  4.0  and  M7  Pro¬ 
fessional  4.0.  Both  are  designed  to  permit 
the  rapid  prototyping  of  Java  applica¬ 
tions.  Probably  more  important  will  be 
the  ability  to  revise  the  code  of  live  Web 
pages.  The  enterprise  version  also  adds 
compatibility  with  webMethods  Inc.’s  ap¬ 
plication  connectors,  and  both  versions 
will  be  ready  to  support  the  Struts  frame¬ 
work  for  Java  developers.  ■  If  your  Web 
application  is  intended  to  generate  busi¬ 
ness  —  and  whose  isn’t?  — 
you’d  better  know  what  vis¬ 
itors  are  doing  on  your  site. 
But  if  you  rely  on  analytical 
tools  that  depend  on  a  Web 
site’s  log  files,  as  so  many 
do,  you’re  using  technology 
that  has  “inherent  miscalcula¬ 
tions.”  So  claims  Geoff  Si¬ 
mon,  president  of  Acclivity 
LLC,  a  start-up  in  North- 
ridge,  Calif.  His  $99-a- 
month  Precision  Tracking 
service  will  analyze  your 
site’s  traffic  in  real  time  us¬ 
ing  the  internal  session 


cache.  Data  from  it,  he  purports,  can  help 
you  “optimize  your  site  to  get  users  to  do 
what  you  want  them  to  do.”  You  can  sign 
up  for  a  free  15-day  trial  of  the  service  at 
www.acclivitymarketing.com.  What’s 
more,  the  service  can  link  its  visitor¬ 
tracking  data  to  opt-in  customer  commu¬ 
nications,  thus  improving  the  effectiveness 
of  your  spam,  er,  e-mail  marketing  campaigns. 
■  If  they  truly  are  opt-in  messages,  the 
spam-filtering  technology  from  Front- 
Bridge  Technologies  Inc.  is  designed  to 
let  them  pass  through.  That’s  because  the 
Marina  Del  Rey,  Calif.,  company  is  build¬ 
ing  a  reputation  as  an  ace  spam  fighter  that 
eliminates  false  positives.  Most  spam  filters 
regularly  snag  a  few  e-mails  that  you  re¬ 
ally  want,  forcing  you  to  dig  through  long 
lists  of  porn  come-ons  and  scams  from 
central  Africa  so  as  not  to  miss  an  impor¬ 
tant  missive.  San  Francisco-based  Ferris 
Research  estimates  that  false  positives  cost 
U.S.  companies  about  $50  per  employee,  or 
$3.5  billion  per  year.  Dan  Nadir,  Front- 
Bridge’s  vice  president  of  marketing,  says 
most  spam  filters  depend  on  e-mail  users 
creating  their  own  whitelists,  which 
specify  given  domains  or  correspondents 
whose  messages  you  want  to  receive.  He 
dismisses  that  approach  as  “ceding  re¬ 
sponsibility  to  the  user.”  In  addition  to 
blacklists  and  other  techniques,  Front- 
Bridge’s  TruProtect  Message  Manage¬ 
ment  Suite  service  uses  a  powerful  rules- 
based  engine  that  runs  through  10,000 
rules  to  determine  whether  a  message  is 
spam  or  legitimate.  The  result:  The  com¬ 
pany  “guarantees”  only  one  false  positive 
per  1  million  messages  while  eliminating 
virtually  all  spam.  Because  spammers 
continue  to  improve  their  techniques, 
however,  FrontBridge  intends  to  add 
technology  by  month’s  end  that  will  track 
spammers  to  their  source  servers  and 
block  all  messages  from  them.  Almost 
makes  you  pity  the  poor  spammer.  I 


Get  in  the  Chain 


Midsize  companies  linked 
to  a  giant  corporation’s 
supply  chain  will  get  more 
help  by  the  end  of  Q4  when 
GridNode  Inc.  in  Redwood 
City,  Calif.,  ships  GridTalk 
2.2,  its  real-time  supply 
chain  tool.  It  will  come  with 
features  like  RFQ  manage¬ 
ment,  Web  services  and 
enhancements  for  the  ver¬ 
tical  retail  market. 


PeopleSoft  Renews  Its 
Anti-Oracle  Refund  Offer 


BY  TODD  R.  WEISS 

PeopleSoft  Inc.  last  week  said 
it  has  reinstated  a  refund  offer 
that  would  entitle  buyers  of  its 
business  applications  to  get 
their  money  back,  and  more,  if 
the  company  is  bought  out 
and  the  new  owner  discontin¬ 
ues  PeopleSoft  products. 

The  so-called  customer  as¬ 
surance  program  gives  new 
and  upgrading  customers 
guarantees  that  they  will  be 
paid  two  to  five  times  the  cost 


of  their  software  licensing 
contracts  if  the  triggering 
events  occur,  according  to 
PeopleSoft  officials. 

The  Pleasanton,  Calif. -based 
company  first  instituted  the 
money-back  guarantee  in  June, 
after  Oracle  Corp.  announced 
its  hostile  bid  to  acquire  Peo- 
plesoft  [QuickLink  39343],  The 
strategy  was  aimed  at  keeping 
worried  users  from  delaying 
purchases,  and  it  appeared  to 
work:  PeopleSoft  reported 


higher-than-expected  sales  for 
the  second  quarter  and  said 
more  than  half  of  its  license 
revenue  came  from  deals  that 
involved  the  refund  offer. 

PeopleSoft  ended  the  refund 
program  at  the  end  of  June, 
but  spokesman  Steve  Swasey 
said  it’s  being  brought  back 
now  because  Oracle’s  takeover 
bid  is  still  in  play.  “There  has 
been  a  lot  of  uncertainty 
caused  by  Oracle,”  he  said. 
“This  thing  has  lingered  on.” 
No  expiration  date  has  been 
set  on  the  offer,  he  said. 

PeopleSoft’s  decision  to 
again  offer  refunds  was  “a 
sharp  move,”  said  Michael 


Dominy,  an  analyst  at  The 
Yankee  Group.  “It’s  a  brilliant 
sales  strategy.”  He  added  that 
he  was  one  of  many  analysts 
who  didn’t  expect  PeopleSoft 
to  meet  its  second-quarter 
sales  forecast  before  it  turned 
to  the  refund  strategy. 

But  Oracle  spokeswoman 
Deborah  Lilienthal  said  the 
customer  assurance  program 
“is  nothing  more  than  an  un¬ 
sustainable  gimmick.”  The  re¬ 
fund  offer  “is  a  moot  point  be¬ 
cause  Oracle  will  support  all 
of  PeopleSoft’s  customers  for 
a  period  that  far  exceeds  the 
support  deadlines  PeopleSoft 
intends  to  meet,”  she  added.  I 


. 


IBM  lot  a!  Storage 


The  human  body  has  an  amazing  capacity  to  adapt  to  shifting 
demands.  So  do  IBM  TotalStorage  products. The  IBM  TotalStorage 
Virtualization  Family  manages  your  individual  storage  resources 
as  one  common  virtual  pool.  It  can  then  allocate  storage  to  your 
servers,  helping  to  improve  availability  and  utilization.  On  demand. 
Helping  to  lower  your  costs. 

TotalStorage:  storage  for  on  demand  business. 

Can  you  see  it?  See  it  at  ibm.com/totalstorage/ondemand 


IBM  TotalStorage  Virtualization  Family  consists  of  the  SAN  Integration  Server  and  the  SAN  Volume  Controller.  IBM,  the  IBM  logo  and  TotalStorage  are  trademarks  of  International  Business  Machines  Corporate 
product  and  service  names  may  be  trademarks  or  service  marks  of  others.  ©2003  IBM  Corporation.  All  rights  reserved. 
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Users  Turn  to  Automated 
Patch  Management  Tools 


Blaster,  other 
worms  highlight 
need  for  protection 

BY  JAIKUMAR  VIJAYAN 

oping  to  better  pro¬ 
tect  themselves 
against  escalating 
security  threats 
such  as  the  W32.Blaster  worm, 
user  companies  are  taking  a 
fresh  look  at  automated  patch 
management  technologies. 

These  products,  which  are 
available  from  a  growing  num¬ 
ber  of  vendors,  help  users  look 
for  new  patches,  scan  their 
networks  for  vulnerable  sys¬ 
tems  and  automatically  dis¬ 
tribute  the  appropriate  patches 
when  required.  But  they  don’t 
lessen  the  need  for  companies 
to  thoroughly  test  patches  be¬ 
fore  deploying  them  on  their 
networks,  users  said. 

In  the  wake  of  its  experi¬ 
ence  dealing  with  Blaster,  Bak¬ 
er  Hill  Corp.,  a  Carmel,  Ind.- 
based  application  service 
provider,  has  deployed  auto¬ 
mated  patch  management 
technology  from  Ecora  Soft¬ 
ware  Inc.  in  Portsmouth,  N.H. 

For  about  $5  per  system  per 
year,  Ecora’s  software  alerts 
Baker  Hill  of  new  patches, 
scans  its  networks  for  systems 


Corrections 

The  Hands  On  Reviews  feature  in 
our  Aug.  25  Technology  section 
(“Handhelds  Try  to  Do  It  All")  in¬ 
correctly  listed  a  secure  digital 
expansion  slot  as  one  of  the  fea¬ 
tures  built  into  Handspring  Inc.’s 
Treo  300  handheld  device.  The 
overall  grade  and  value  for  the 
money  rating  that  were  given  to 
the  Treo  300  remain  the  same. 

In  our  Aug.  25  issue’s  Q&A  with 
Microsoft  Corp.  Vice  President 
Jim  Allchin,  the  value  of  the  con¬ 
tract  between  Microsoft  and  the 
Department  of  Homeland  Securi¬ 
ty  was  stated  incorrectly.  The 
correct  value  is  S90  million. 


that  need  them  and  automati¬ 
cally  distributes  them,  said 
Eric  Beasley,  senior  network 
manager  at  Baker  Hill.  The 
technology  lets  the  company 
schedule  patch  deployment 
for  specific  groups  of  systems 
and  enables  it  to  quickly  roll 
back  patches  that  don’t  work. 

“Till  now,  we  felt  we  didn’t 
have  the  business  case  to  say 
we  want  to  spend  money  on  a 
patch  management  system,” 
Beasley  said.  But  threats  such 
as  Blaster  have  highlighted  the 
need  for  companies  to  “patch 
very  aggressively,”  he  said. 

Vendors  offering  patch 
management  products  include 
Shavlik  Technologies  LLC  in 
Roseville,  Minn.,  St.  Bernard 
Software  Inc.  in  San  Diego  and 
PatchLink  Corp.  in  Scottsdale, 
Ariz.  Some  vendors,  such  as 
Ecora  and  Configuresoft  Inc. 
in  Woodland  Park,  Colo.,  offer 
patch  management  functions 
as  a  component  of  their  con¬ 
figuration  management  soft¬ 
ware.  And  Microsoft  Corp.  of¬ 
fers  a  similar  function  with  its 
Software  Update  Services. 

Driving  the  need  for  such 
tools  is  the  simple  fact  that 
manual  processes  aren’t  suffi¬ 
cient  to  enable  companies  to 
stay  current  with  patches,  said 
Anthony  DeVoto,  Windows 
NT  administrator  at  Volvo 
Finance  North  America  in 
Montvale,  N.J. 

There  is  a  need  for  tools 
that  help  companies  “more 
readily  identify  patches  that 
are  applicable  to  their  specific 
operating  environments,”  said 
Carl  Cammarata,  chief  infor¬ 
mation  security  officer  at 
AAA  Michigan  in  Dearborn. 

With  the  dramatic  increase 
in  the  number  of  vulnerabili¬ 
ties  being  reported,  it  has  be¬ 
come  important  for  compa¬ 
nies  to  have  tools  that  can  au¬ 
tomatically  deploy  only  the 
patches  that  matter,  users  said. 

According  to  the  CERT  Co¬ 
ordination  Center  in  Pitts¬ 
burgh,  more  than  4,000  soft¬ 
ware  vulnerabilities  were  re¬ 


ported  in  2002,  compared  with 
2,400  in  2001.  Just  under  2,000 
were  reported  through  July  of 
this  year. 

“Patch  management  seems 
to  have  found  itself  a  full-time 
position  within  IT  security  de¬ 
partments,”  DeVoto  said. 

Volvo  is  a  user  of  St.  Ber¬ 
nard’s  patch  management  soft¬ 
ware  and  was  able  to  deploy 
the  patches  for  Blaster  in  a 
matter  of  hours,  DeVoto  said. 
Despite  the  automatic  distrib- 


BY  MATT  HAMBLEN 

Network  Associates  Inc.  last 
week  announced  network  and 
security  management  software 
for  small  and  midsize  users, 
saying  that  the  products  top 
out  in  price  at  about  half  of 
the  $12,000  starting  cost  for  its 
enterprise-class  Sniffer  tools. 

The  new  Netasyst  Network 
Analyzer  software  is  designed 
for  use  in  managing  10/100 
Ethernet  installations  and 
802.11  wireless  networks  at 
companies  with  up  to  500  end 
users,  said  Chris  Thompson, 
vice  president  of  product  mar¬ 
keting  at  Network  Associates 
in  Santa  Clara,  Calif. 

Netasyst  can  automate  net¬ 
work  and  application  prob¬ 
lem-resolution  efforts  and 
provide  IT  managers  with 
packet-level  data  about  net¬ 
work  performance  and  the 
functioning  of  firewalls,  intru¬ 
sion-detection  systems  and 
other  security  technologies, 
Thompson  said. 

Austin  Bank  began  testing 
Netasyst  early  last  month  on 
a  network  that  supports  oper¬ 
ations  at  19  branch  offices, 
said  Jeff  Sowell,  a  network  en¬ 
gineer  at  the  Jacksonville, 
Texas-based  bank.  The  bank 
has  used  the  tool  to  monitor 


ution  that’s  enabled  by  St. 
Bernard,  no  patching  is  done 
without  testing  the  software 
first,  DeVoto  added. 

The  fact  that  patches  still 
need  to  be  tested  before  they 
can  be  deployed  has  Bruce 
Azuma,  corporate  director  of 
information  technologies  at 
Broadview,  Ill.-based  Wilbert 
Inc.,  considering  outsourcing 
the  company’s  patch  manage¬ 
ment  functions.  “Patching  is  an 
area . . .  we  have  a  lot  of  issues 
with  at  this  time,”  he  said.  I 


MORE  BUSTER 

Read  more  about  the  Blaster  worm  on  our 
special  coverage  page: 

QuickLink  a3580 
www.computerworld.com 


slow  response  times  on  a  Mi¬ 
crosoft  SQL  Server  database 
application  and  to  track  an 
apparent  network  intruder, 
who  turned  out  to  be  a  tele¬ 
phone  technician  who  was  us¬ 
ing  the  network  for  mainte¬ 
nance  purposes  without  noti¬ 
fying  the  bank. 

Sowell  said  he  looked  at 
several  network  management 
products  but  liked  the  idea 
of  using  a  tool  from  a  well- 
known  vendor.  In  addition, 
Netasyst  turned  out  to  be  easy 
to  use.  An  Expert  Analysis  fea¬ 
ture  “is  handy  for  somebody 


Netasyst 

Network  Analyzer 


■  Starts  at  $1,395  for  manage¬ 
ment  tools  that  can  pinpoint  the 
root  causes  of  network  problems 
on  10/100  Ethernet  LANs  but 
don't  include  Network  Associ- 
ates’  Expert  Analysis  technology. 

■  Includes  five  other  product 

offerings,  with  a  high-end  ver¬ 
sion  that  provides  the  Expert 
Analysis  capabilities,  supports 
both  wired  and  wireless  LANs 
and  costs  $6,590. _ 

■  Network  Associates  said  all 
six  versions  include  one  year 
of  free  product  support. 


PRODUCT  INFO 


A  sampling  of  patch 
management  products: 

VENDOR:  Shavlik  Technologies 

PRODUCT:  HFNetChkPro 

COMMENTS:  Deploys  patches  in 
several  environments,  including 
WindowsNT,  XP  and  2000; 
Windows  Server  2003;  Microsoft 
Exchange;  and  Java  virtual 
machines. 


VENDOR:  St.  Bernard  Software 

PRODUCT:  UpdateExpert 

COMMENTS:  A  new  feature  in 
the  latest  version  allows  the  soft¬ 
ware  to  be  managed  by  Hewlett- 
Packard  Co.’s  OpenView. 


like  me  that  doesn’t  do  this 
every  day,”  he  said.  “It  makes 
any  idiot  pretty  good  at  ana¬ 
lyzing  traffic.” 

Network  Associates  is  pri¬ 
marily  known  as  a  vendor  of 
security  software  for  large 
companies,  said  Stephen 
Elliot,  an  analyst  at  IDC  in 
Framingham,  Mass.  But  the 
network  management  market 
for  smaller  businesses  is  frag¬ 
mented  and  not  well  served  by 
management  tools  vendors 
such  as  IBM’s  Tivoli  Software 
unit,  Computer  Associates  In¬ 
ternational  Inc.  and  Hewlett- 
Packard  Co.,  Elliot  said. 

The  closest  competitors  to 
Netasyst  are  products  from 
Ipswitch  Inc.  in  Lexington, 
Mass.,  WildPackets  Inc.  in 
Walnut  Creek,  Calif.,  and  Net¬ 
work  Instruments  LLC  in  Min¬ 
neapolis,  he  added. 

Netasyst  is  based  on  tech¬ 
nology  that’s  used  in  the  Snif¬ 
fer  product  line,  Thompson 
said.  But  the  new  offering  will 
be  sold  as  software,  whereas 
most  of  the  Sniffer  products 
are  appliances  that  include 
both  software  and  dedicated 
hardware. 

Another  distinction  be¬ 
tween  the  two  technologies  is 
that  Netasyst  won’t  work  on 
Gigabit  Ethernet  networks  or 
over  WANs,  Thompson  said.  I 


Network  Associates  Adds  Low-End 
Management  and  Security  Tools 

Pricing  about  half  the  cost  of  Sniffer  line 
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Military  Unit  Expands  Use  of  Monitoring 
Tools  to  Detect  Performance  Glitches 


Transcom  measures  application 
response  times  with  robotic  probes 


BY  MATT  HAMBLEN 

The  U.S.  military’s  unified 
transportation  unit  is  expand¬ 
ing  a  deployment  of  network 
management  tools  and  robotic 
PCs  that  monitor 
end-user  experi¬ 
ences  on  the  global 
system  used  to  make 
sure  that  troops, 
weapons  and  supplies  arrive 
on  time  and  in  the  right  places. 

The  U.S.  Transportation 
Command  (Transcom)  for 
more  than  a  year  has  been  us¬ 
ing  24  PCs  that  function  as  au¬ 
tomated  probes  in  an  effort  to 
detect  performance  problems 
affecting  users  at  its  1,100- 
worker  headquarters  at  Scott 
Air  Force  Base  in  Belleville,  Ill. 
Now,  the  unit  is  beginning  to 
roll  out  the  technology  for  use 
on  the  transportation  systems 
run  by  the  U.S.  Air  Force, 
Army  and  Navy. 

Frank  Barncord,  a  civil  ser¬ 
vant  who  is  team  leader  of 


Transcom’s  service-assurance 
section,  declined  to  disclose 
details  about  the  wider  de¬ 
ployment  plans.  But  he  said 
Transcom  is  expanding  the 

use  of  the  automat¬ 
ed  probes  to  the 
various  military 
branches  because 
the  technology  has 
helped  improve  performance. 

The  command’s  IT  staff 
“has  been  able  to  identify  ser¬ 
vice  failures  ahead  of  system 
failures,”  Barncord  said.  “We 
don’t  want  customers  to  tell  us 
when  something  is  wrong.” 

The  robotic  PCs  used  by 
Transcom  are  equipped  with 
BMC  Software  Inc.’s  Patrol 
End-to-End  Response  Timer 
software,  which  starts  at 
$5,000  per  system,  plus  a  set  of 
custom  reporting  tools. 

The  PCs  are  programmed  to 
periodically  run  different  appli¬ 
cations  and  measure  how  much 
time  it  takes  to  access  databas¬ 


es,  internal  Web  pages  and  oth¬ 
er  computing  resources. 

Barncord  said  Transcom 
built  a  prototype  of  the  system 
in  2001,  two  years  after  it 
launched  a  project  involving 
the  use  of  eight  other  BMC  Pa¬ 
trol  products  to  manage  differ¬ 
ent  systems  on  its  network. 

After  the  initial  Patrol  in¬ 
stallation,  Transcom  recorded 
a  239%  increase  in  its  average 
time  between  system  failures, 
according  to  Barncord.  But 
that  still  wasn’t  enough  to  im¬ 
prove  end-user  performance 
to  desired  levels,  so  the  com¬ 
mand  turned  to  the  robotic 
PCs.  The  deployment  at 
Transcom  headquarters  began 
several  months  after  the 
prototype  was  demonstrated 
in  September  2001. 

Undetected  Problems 

Doug  Story,  a  lead  contractor 
at  NCI  Information  Systems 
Inc.  in  McLean,  Va.,  who  is 
working  with  Transcom,  said 
the  PCs  can  alert  systems  ad¬ 
ministrators  to  performance 
problems  that  might  otherwise 
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THE  MILITARY’S  transportation  unit,  called 
Transcom,  is  using  robotic  PCs  to  help 
ensure  that  troops  have  what  they  need. 


go  undetected. 

For  example,  about 
two  months  ago,  the  PCs 
detected  slow  user  re¬ 
sponse  times  on  a  variety 
of  applications,  which 
were  traced  two  days  lat¬ 
er  to  a  proxy  server  that 
had  been  improperly  re¬ 
booted,  Story  said. 

And  six  months  ago, 
when  some  end  users 
were  moved  to  a  fail¬ 
over  site,  the  PCs  found 
slow  response  times, 
even  though  Transcom’s 
network  monitoring 
tools  showed  everything 
running  properly.  Even¬ 
tually,  a  database  admin¬ 
istrator  identified  the 
culprit:  a  database  that 
needed  to  be  defrag¬ 
mented. 

Transcom  is  about  to  begin 
a  thorough  study  of  the  effec¬ 
tiveness  of  BMC’s  tools.  But 
Lt.  Col.  Scott  Ross,  a  spokes¬ 
man  for  the  command,  said 
the  software  has  helped  Trans¬ 
com  perform  much  more  effi¬ 
ciently  during  operations  in 
Iraq  and  Afghanistan  than  it 
was  able  to  do  during  the  Per¬ 
sian  Gulf  war  in  1991. 

Jean-Pierre  Garbani,  an  ana¬ 
lyst  at  Forrester  Research  Inc. 


in  Cambridge,  Mass.,  said  that 
Transcom’s  use  of  robotic  PCs 
to  measure  end-user  perfor¬ 
mance  is  advanced  compared 
with  what  most  IT  depart¬ 
ments  do. 

But  he  added  that  corporate 
network  managers  should 
make  similar  measurements, 
“because  applications  have 
grown  so  complex  that  no¬ 
body  has  a  good  picture  of 
how  an  application  works.”  I 


Dell  to  Release  Network 
Management  Software 

Tools  are  free  for  users  of  its  switches 


BY  MATT  HAMBLEN 

Dell  Inc.  this  week  will  an¬ 
nounce  a  set  of  network  man¬ 
agement  tools  that  it  plans  to 
offer  at  no  extra  cost  to  users 
of  its  PowerConnect  line  of 
switches. 

The  OpenManage  Network 
Manager  software  is  designed 
to  help  IT  staffers  centralize 
the  management  of  PowerCon¬ 
nect  installations  that  include 
more  than  10  switches,  said  Ul¬ 
rich  Hansen,  a  senior  product 
manager  at  Dell,  which  entered 
the  market  for  networking 
equipment  two  years  ago. 

Network  managers  will  be 
able  to  use  the  software  to  de¬ 
ploy  Firmware  updates  and 


change  the  configurations  of 
multiple  switches  with  a  sin¬ 
gle  operation,  saving  time  and 
money  compared  with  doing 
such  work  on  individual  de¬ 
vices,  Hansen  said.  In  addi¬ 
tion,  the  new  products,  which 
join  existing  OpenManage 
tools  for  servers  and  PCs,  can 
track  networking  gear  made 
by  rival  vendors,  diagnose  net¬ 
work  problems  and  schedule 
data  backup  operations. 

Dell’s  network  management 
tools  could  be  useful  to  IT 
managers  at  small  and  midsize 
businesses,  said  Stephen  Elliot, 
an  analyst  at  IDC  in  Framing¬ 
ham,  Mass.  But  he  added  that 
they  won’t  compete  against 


OpenManage 

Network  Manager 

includes: 

■  Discovery  and  mapping  of 
networking  equipment 

■  Management  of  devices  on  an 
individual  basis  or  in  groups 

■  Event  management  when 
network  problems  occur 

■  Automated  scheduling  of 
maintenance  and  upgrades 

■  Performance  monitoring 


the  software  suites  sold  by 
BMC  Software  Inc.,  Computer 
Associates  International  Inc., 
Hewlett-Packard  Co.  and 
IBM’s  Tivoli  Software  unit  for 
managing  large  networks. 

Instead,  Dell’s  technology  is 
comparable  to  Cisco  Systems 
Inc.’s  Cisco  Works  software 
and  products  developed  by 


Lexington,  Mass.-based  Ip- 
switch  Inc.,  Elliot  said. 

Steven  Cartwright,  director 
of  systems  and  support  at  Om¬ 
nium  Worldwide  Inc.  in  Oma¬ 
ha,  said  the  financial  services 
firm  plans  to  test  Dell’s  soft¬ 
ware  on  its  network,  which  in¬ 
cludes  80  PowerConnect 
switches  that  are  deployed  in 
networking  closets  and  its 
data  center. 

Omnium  already  uses  Open¬ 
Manage  technology  to  control 
about  1,000  PCs  and  100 
servers  made  by  Dell,  so  the 
network  management  tools 
“will  really  fit  well  in  our  envi¬ 
ronment,”  Cartwright  said. 

The  company  has  been  us¬ 
ing  the  PowerConnect  switch¬ 
es  for  the  past  18  months.  The 
Dell  devices  cost  about  one- 
third  as  much  as  comparable 
switches  from  market  leader 
Cisco  and  have  performed 
well,  Cartwright  said.  But  he 
added  that  Omnium  plans  to 


keep  using  Cisco  products  as 
its  primary  data  center  switch¬ 
es  and  put  PowerConnect  on 
the  edges  of  its  network. 

Another  Dell  user,  Intervet 
Inc.  in  Millsboro,  Del.,  also 
plans  to  evaluate  the  new 
management  software  as  its 
network  grows  larger,  said 
Chad  Elliott,  a  technology 
team  leader  at  the  maker  of 
animal  health  care  products. 

Intervet  has  installed  four 
Dell  switches  as  well  as  de¬ 
vices  made  by  Cisco.  The  net¬ 
work  management  tools  will 
add  to  the  “whole  equation”  for 
justifying  the  use  of  Dell’s  hard¬ 
ware,  Elliott  said.  “From  what 
I’ve  heard  about  the  software,  it 
does  sound  valuable,”  he  added. 

Dell  offers  eight  PowerCon¬ 
nect  products  and  has  sold 
about  50,000  of  the  switches 
thus  far,  according  to  Hansen. 
“We’re  still  a  recent  addition 
to  the  market,  and  we  have 
room  to  grow,”  he  said.  I 
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Overseer  Calls  for 
Changes  at  MCI . . . 

WorldCom  Inc.’s  court-appointed 
monitor  filed  a  report  recommend¬ 
ing  78  corporate  governance 
changes  at  the  company,  which 
now  does  business  under  its  MCI 
brand  name.  Included  is  a  separa¬ 
tion  of  the  chairman  and  CEO  jobs 
now  both  held  by  Michael  Capel- 
las.  MCI  said  its  board  worked  col- 
laboratively  on  the  report  and  has 
already  voted  to  adopt  all  of  the 
recommendations. 


. . .  While  Oklahoma 
Charges  Company 

Meanwhile,  Oklahoma’s  attorney 
general  filed  15  felony  charges 
against  MCI  and  six  of  its  former 
executives  over  the  accounting 
scandal  that  led  to  its  bankruptcy 
filing.  MCI  said  it  will  cooperate 
but  claimed  that  pursuing  the  case 
would  punish  its  customers  and 
employees.  Also,  MCI  launched  an 
offer  to  buy  the  remaining  shares 
of  Digex  Inc.,  a  Laurel,  Md. -based 
hosting  vendor  in  which  it  owns  a 
controlling  interest. 


Attack  Takes  Down 
SCO’s  Web  Site 

The  SCO  Group  Inc.’s  Web  site 
was  inaccessible  from  Aug.  22 
through  Aug.  25  because  of  a 
denial-of-service  attack,  the  sec¬ 
ond  attack  launched  against  the 
Lindon,  Utah-based  company 
since  May.  The  site  was  also  off¬ 
line  for  about  10  hours  on  Aug. 
26.  But  SCO,  which  is  mounting 
a  controversial  legal  campaign 
against  Linux,  said  that  outage 
was  due  to  work  it  did  in  an  at¬ 
tempt  to  mitigate  the  effects  of 
any  future  attacks. 


Short  Takes 

MIT  confirmed  that  one  of  its  Web 
sites  was  taken  off-line  after 
hackers  overwrote  all  of  the  site’s 
files. . . .  COMDISCO  HOLDING  CO. 
in  Rosemont,  III.,  plans  to  sell  the 
assets  of  its  U.S.  IT  equipment 
leasing  business  to  BAY4  CAPITAL 
PARTNERS  LLC  in  Tampa,  Fla. 


First  U.S.  Automated 
Alert  Net  Goes  Live 


RAINS-Net  a  model 
for  possible  national 
system,  creators  say 

BY  DAN  VERTON 

FTER  16  months  of 
development  and 
testing,  a  public/pri¬ 
vate  security  part¬ 
nership  based  in  Oregon  has 
activated  what’s  being  de¬ 
scribed  as  the  nation’s  first 
fully  automated,  Web-based 
regional  security  alert  system. 

Known  as  RAINS-Net  and 
developed  by  the  Regional  Al¬ 
liances  for  Infrastructure  and 
Network  Security,  a  partner¬ 
ship  of  60  IT  vendors  and 
more  than  300  public  and  pri¬ 
vate  organizations,  the  system 
will  provide  automated  alerts 
from  the  Portland  911  center  to 
schools,  hospitals,  corporate 
building  managers  and  others. 

The  network,  which  started 
as  a  pilot  project  in  March,  has 
applications  for  any  national 
system  that  the  U.S.  Depart¬ 


ment  of  Homeland  Security 
(DHS)  might  try  to  create. 
Charles  Jennings,  chairman 
of  the  RAINS  alliance,  and 
others  have  already  briefed 
the  DHS  on  the  network  and 
obtained  federal  assistance 
in  setting  up  and  designing 
RAINS-Net  to  be  capable  of 
supporting  future  homeland 
security  requirements. 

There  are  currently  two 
RAINS  chapters,  in  Oregon 
and  Washington  state.  How¬ 
ever,  RAINS  executives  are  in 
discussions  with  three  other 
states  about  expanding  the 
network  and  alliance  member¬ 
ship,  Jennings  said. 

Jennings  said  other  states 
could  replicate  the  RAINS  ap¬ 
proach  for  much  less  than  the 
$5  million  initial  development 
price  —  a  bargain,  he  said, 
given  the  payoff.  RAINS-Net 
in  Oregon  is  the  result  of  a 
$60,000  state  grant,  thousands 
of  hours  of  volunteer  software 
development  work  and  tech¬ 
nologies  donated  by  big  IT 


companies  that  are  based  in 
Oregon  or  have  a  major  pres¬ 
ence  there,  including  Intel 
Corp.,  Fortix  Inc.,  Tripwire 
Inc.,  Swan  Island  Networks 
Inc.  and  Centerlogic  Inc. 

“Our  nation’s  security  ex¬ 


perts  have  acknowledged  the 
need  for  a  better  way  to  com¬ 
municate  sensitive  informa¬ 
tion  and  to  coordinate  emer¬ 
gency  response,  [which  is] 
especially  critical  in  post-9/11 
America,”  said  Susan  Zevin, 
acting  director  of  the  Informa¬ 
tion  Technology  Laboratory 
at  the  National  Institute  of 
Standards  and  Technology  in 
Washington.  “The  RAINS-Net 
approach  can  serve  as  a  model 
that  could  be  adopted  by  cities 
throughout  the  nation.”  I 
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Vendor  Upgrades  Tools  for  Detecting 
Security  Flaws  During  App  Development 


BY  JAIKUMAR  VIJAYAN 

Security  vendor  Sanctum  Inc. 
last  week  announced  an  en¬ 
hanced  version  of  its  AppScan 
software  suite  aimed  at  help¬ 
ing  companies  detect  and  fix 
security  flaws  during  applica¬ 
tion  development. 

Sanctum’s  AppScan  4.0 
suite  features  new  automated 
testing  tools  that  enable  qual¬ 
ity  assurance  (QA)  and  audit 
staff  to  test  Web  applications 
for  security  defects  before 
they’re  deployed. 

The  AppScan  4.0  QA  edi¬ 
tion  allows  quality  testers  to 
automatically  create  cus¬ 
tomized  scripts  for  testing, 
comparing  and  validating  po¬ 
tential  security  defects  in  Web 
applications,  according  to 


Steve  Orrin,  Sanctum’s  chief 
technology  officer. 

Integrating  security  testing 
into  the  application  develop¬ 
ment  life  cycle  is  a  lot  more 
efficient  than  finding  flaws  in 
the  postdeployment  phase, 
when  the  risks  and  costs  are 
much  higher,  said  Pete  Lind- 
strom,  an  analyst  at  Spire  Se¬ 
curity  LLC  in  Malvern,  Pa. 

The  Earlier  the  Better 

Health  equipment  manufac¬ 
turer  The  Nautilus  Group  in 
Vancouver,  Wash.,  has  used  an 
earlier  version  of  Sanctum’s 
software  to  test  for  defects  in 
Web  applications  that  have  al¬ 
ready  been  deployed. 

“What  we  found  out  was 
that  it  was  very  expensive  to 


catch  security  omissions  and 
mistakes”  at  that  stage,  said 
Mark  Shmulevsky,  a  systems 
architect  at  Nautilus.  As  a  re¬ 
sult,  the  company  recently  be¬ 
gan  using  Sanctum’s  testing 


NEW  PRODUCT 

AppScan  4.0 
QA  Edition 

■  Creates  customized  tests 
for  application  security. 

■  Facilitates  communication 
of  defect  root  cause  to 
developers  and  other 
personnel. 

■  Exports  results  to  standard 
defect  tracking  and  man¬ 
agement  systems. 


tools  during  the  application 
development  and  quality  test¬ 
ing  processes  as  well,  with  im¬ 
pressive  results,  he  said. 

The  tools  enabled  Nautilus 
to  discover  flaws  in  code  that 
could  lead  to  threats  such  as 
cookie  poisoning,  code  injec¬ 
tion  and  manipulation,  and 
buffer  overflows  on  the  Inter¬ 
net,  according  to  Shmulevsky. 

“My  developers  were  very 
pleased  to  know  they  could 
concentrate  on  sizing  buffers 
to  prevent  overflows  during 
the  early  development  stages,” 
Shmulevsky  said. 

Sanctum  isn’t  alone  in  this 
particular  market.  Other  ven¬ 
dors  with  similar  tools  include 
SPI  Dynamics  Inc.  in  Atlanta, 
KaVaDo  Inc.  in  New  York  and 
Cenzic  Inc.  in  Campbell,  Calif. 

“Any  large  company  that  is 
doing  significant  Web  devel¬ 
opment  is  looking  at  these 
tools,”  Lindstrom  said.  I 
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Global  Standard  Will  Force  Changes  in  Banks’  IT 


Tighter  database  integration,  new  risk 
management  engines  will  be  needed 


BY  LUCAS  MEARIAN 

A  proposed  international  reg¬ 
ulation  that  would  require 
banks  to  tighten  their  integra¬ 
tion  of  different  back-office 
systems  and  use  more  sophis¬ 
ticated  risk  management  tools 
is  expected  to  be  finalized  in 
the  fourth  quarter,  thus  push¬ 
ing  companies  to  begin  cap¬ 
turing  customer  data  for  com¬ 
pliance  purposes  by  late  2004. 

The  Bank  for  International 
Settlements  (BIS)  in  Basel, 
Switzerland,  is  overseeing 
development  of  the  new  stan¬ 
dards,  and  it  plans  to  require 
the  10  largest  U.S.  banks  to 
comply  by  the  end  of  2006. 
From  an  IT  standpoint,  the 
proposal  being  considered  by 
the  BIS  calls  for  banks  to  take 
steps  such  as  developing 
rules-based  risk  management 
engines  and  knitting  together 
customer  databases. 

Complying  with  the  new 
Basel  Capital  Accord,  which 
is  known  as  Basel  II,  could 
cost  the  U.S.  financial  ser¬ 
vices  industry  $12  billion  by 
2006,  according  to  a  report  re¬ 
leased  last  month  by  Tower- 
Group  in  Needham,  Mass. 

Approximately  20  of  the 
nation’s  largest  banks  would 
likely  have  to  spend  between 
$50  million  and  $100  million 
each  on  technology  in  order  to 
minimize  the  amount  of  mon¬ 
ey  they  must  keep  in  reserve 
to  offset  credit  and  business 
risks,  said  TowerGroup  ana¬ 
lyst  Guillermo  Kopp. 

Exercising  Caution 

If  it’s  approved  as  expected, 
Basel  II  will  increase  the  mini¬ 
mum  amount  of  money  that 
banks  need  to  set  aside  to  cov¬ 
er  potential  risks,  which  cur¬ 
rently  equals  8%  of  the  total 
capital  they  have  on  hand.  The 
regulation  will  also  add  a  new 
category  of  operational  risk 
management,  involving  possi¬ 
ble  problems  such  as  late  pay¬ 
ments  or  trades  that  don’t  get 
processed  because  of  systems 
or  data-entry  errors. 


But  Basel  II  would  provide 
undetermined  financial  incen¬ 
tives  for  institutions  that  man¬ 
age  risk  more  proactively 
through  the  use  of  rules-based 
engines  and  internal  reporting 
standards,  Kopp  said.  He  added 
that  improved  automation  of 
internal  processes  also  could 
produce  money-saving  effi¬ 
ciencies  and  help  users  mini¬ 
mize  their  exposure  to  risks. 

Nonetheless,  the  Basel  II 
proposal  is  generating  con¬ 
cerns  among  both  large  banks 
and  smaller  institutions. 

For  example,  America’s 


Plans  to  acquire 
two  vendors, 
invest  in  a  third 


BY  LUCAS  MEARIAN 

McData  Corp.  last  week  an¬ 
nounced  plans  to  acquire  two 
vendors  of  storage  networking 
products  and  invest  in  a  third 
company,  as  part  of  an  effort  to 
gain  a  functionality  edge  over 
storage  switch  rivals  Brocade 
Communications  Systems  Inc. 
and  Cisco  Systems  Inc. 

Broomfield,  Colo.-based 
McData  said  it  will  buy  Nishan 
Systems  Inc.  for  $83  million  in 
cash  and  pay  $102  million  for 
Sanera  Systems  Inc.  In  addi¬ 
tion,  McData  is  paying  $6  mil¬ 
lion  to  Aarohi  Communica¬ 
tions  Inc.  for  a  15%  ownership 
stake  and  the  right  to  use  the 
San  Jose  company’s  software 
and  processors  in  a  new  line 
of  intelligent  switches. 

Together,  the  three  deals 
are  designed  to  help  McData 
broaden  its  existing  line  of  di¬ 
rectors  for  Fibre  Channel  stor¬ 
age-area  networks  (SAN)  to 
include  storage-over-IP  capa¬ 
bilities.  The  technology  addi¬ 
tions  will  also  expand  the  port 
count  on  the  devices  it  sells 


Community  Bankers  (ACB),  a 
trade  group  in  Washington 
that  represents  local  banks,  is 
opposed  to  Basel  II  as  it  cur¬ 
rently  stands.  ACB  spokesman 
Jim  Eberle  said  the  group  be¬ 
lieves  that  requiring  the  instal¬ 
lation  of  sophisticated  IT  sys¬ 
tems  would  place  an  unfair  Fi¬ 
nancial  burden  on  small  banks 
and  savings-and-loan  firms. 
“It’s  our  understanding  that  it 
does  require  a  big  outlay  for  a 
small  institution  to  be  able  to 
do  the  calculations  for  internal 
risk  models,”  Eberle  said. 

Meanwhile,  Citigroup  Inc. 
Chief  Financial  Officer  Todd 
Thomson  said  in  a  July  31  let¬ 
ter  to  the  BIS  committee  shep¬ 
herding  the  Basel  II  proposal 


from  a  maximum  of  140  now 
to  256,  said  Mike  Gustafson, 
senior  vice  president  of  world¬ 
wide  marketing  at  McData. 

Sunnyvale,  Calif.-based  San¬ 
era  previewed  its  256-port 
DS10000  Datacenter-Class 
Director  at  the  Storage  Net¬ 
working  World  conference  in 
April  but  has  yet  to 
ship  the  product. 

Gustafson  said  that 
in  addition  to  the 
higher  port  count, 
a  key  technology 
being  developed  by 
Sanera  is  dynamic 
partitioning,  which  lets  IT 
managers  carve  up  a  switch 
in  order  to  support  different 
applications  separately. 

Nishan,  which  is  based  in 
San  Jose,  makes  multiprotocol 
switches  that  use  the  Internet 
Fibre  Channel  Protocol  and 
Internet  SCSI  to  transport 


Taking  on  Risk 

Banks  that  are  required  to 
comply  with  Basel  II  or  that 
decide  to  opt  in  will  have  to: 

BUILD  policy-based  software 
engines  to  determine  the  credit 
risk  of  customers. 

TIE  together  islands  of  cus¬ 
tomer  data  to  better  track  their 
transaction  records. 

DEVELOP  internal  business 
rules  designed  to  mitigate 
operational  risks. 


that  measures  proposed  in  the 
latest  revisions  would  place 
banks  on  an  uneven  playing 
field  with  one  another  and  put 


block-level  data  over  Ether¬ 
net.  Nishan’s  switches  encap¬ 
sulate  Fibre  Channel  and  SCSI 
data  packets  with  IP  headers, 
allowing  users  to  connect 
low-end  servers  to  SANs  for 
data  backups  or  to  link  remote 
SANs. 

Gustafson  said  McData  ex¬ 
pects  to  close  the  acquisition 
deal  by  October  and  then  im¬ 
mediately  make  Nishan’s 
switches  available  to  storage 
vendors  on  an  OEM  basis. 

Sanera’s  switch  is 
in  beta-testing  and 
is  due  for  shipment 
in  next  year’s  first 
quarter,  he  added. 

Support  for  the 
Fibre  Channel  over 
IP  protocol  also 
is  in  McData’s  product  plans, 
and  the  company  intends  to 
bring  together  the  new  de¬ 
vices  and  its  existing  switches 
under  a  single  management 
platform. 

Denis  Van  Dale,  network 
administrator  at  Steinbach 
Credit  Union  Inc.  in  Stein- 


A  Look  at  the  Technologies  McData  Is  Buying 

Internet  SCSI  protocol  support  for  connecting  remote  servers  to  SANs 
Fibre  Channel  over  IP  capabilities  for  tunneling  between  SANs 
Data  mirroring  and  replication  functionality  through  a  SAN  switch 
A  256-port  director  that  can  be  clustered  to  support  up  to  1,024  ports 


McData  Aims  to  Buy  its  Way 
To  Better  Storage  Switches 


ARRAY  UPGRADE 

IBM  beefs  up  its  FAStT600 
midrange  disk  array: 
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them  at  a  disadvantage  against 
other  financial  services  firms. 

The  policy-based  systems 
envisioned  by  BIS  would  be 
tied  to  so-called  advanced 
measurement  approaches  re¬ 
quiring  at  least  two  years  of 
historical  transaction  data 
about  customers.  To  meet 
Basel  II’s  2006  compliance 
deadline,  banks  would  have 
to  begin  implementing  the 
advanced  policy  engines  and 
capturing  data  next  year. 

According  to  TowerGroup’s 
report,  U.S.  banks  with  inter¬ 
national  operations  will  be 
hardest  hit  by  Basel  II’s  in¬ 
creased  capital  reserves  re¬ 
quirement.  But  the  impact  of 
the  new  regulation  will  be  felt 
more  widely,  Kopp  noted. 
“Over  time,  everybody  will 
need  to  comply,”  he  said.  ► 


bach,  Manitoba,  uses  Nishan’s 
switches  to  replicate  banking 
data  and  other  information 
from  the  company’s  primary 
data  center  to  a  backup  site 
over  a  wireless  IP  network 
[QuickLink  37171]. 

Van  Dale  said  that  for  now, 
he’s  not  concerned  about 
diminished  support  for  the 
switches  in  light  of  the  Mc¬ 
Data  buyout.  But,  he  added, 
“time  will  tell.” 

Follow  the  Leader 

Tom  Buiocchi,  director  of 
product  marketing  at  San  Jose- 
based  Brocade,  claimed  that 
McData  is  simply  playing 
catch-up  with  it  and  Cisco. 

“This  is  a  well-known  pro¬ 
gression  in  technology  that 
the  other  two  of  us  have  been 
offering  for  some  time  now,” 
Buiocchi  said.  For  example. 
Brocade  obtained  storage- 
over-IP  capabilities  when  it 
bought  Rhapsody  Networks 
Inc.  in  January. 

But  Nancy  Marrone-Hurley, 
an  analyst  at  Enterprise  Stor¬ 
age  Group  Inc.  in  Milford, 
Mass.,  said  McData  has  now 
surpassed  Brocade  on  func¬ 
tionality  and  is  going  head-to- 
head  with  Cisco,  which  also 
has  a  director-class  SAN 
switch  with  IP  capabilities. 

“Brocade  needs  to  play 
catch-up,”  she  said.  “They’re 
the  ones  that  are  behind.”  I 
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PIMM  FOX 


Rogue  Warriors 


HO’S  IN  CHARGE  HERE?  When  it 
comes  to  IT  projects,  that  would  be 
you  and  your  technology  group,  right? 
If  only  reality  would  stop  intruding. 


■ 


If  only  there  were  no 
such  thing  as  “rogue  IT,” 
the  catch-all  term  for 
those  unauthorized,  inde¬ 
pendent  purchases  of 
technology  that  scoot  be¬ 
neath  the  radar  of  almost 
every  sizable  IT  shop. 

This  uninvited  influx  may 
include  anything  from 
wireless  devices,  PDAs 
and  Linux  desktops  to  in¬ 
stant  messaging  or  PC 
applications.  In  “Dealing 
with  Rogue  IT,”  our  lead  management 
story  on  page  27  (and  online  at  Quick- 
Link  40666),  reporter  Gary  H.  Anthes 
examines  the  numerous  creative  ways 
senior  IT  managers  are  coping  with 
these  bootleg  projects. 

To  get  a  quantitative  fix  on  how 
serious  the  problem  is,  we  surveyed 
108  IT  professionals  on  Computer- 
world.com  and  found  that  a  rather  as¬ 
tonishing  90%  were  all  too  aware  of 
rogue  projects  under  way  in  their 
companies.  One  figure  in  particular 
leapt  out,  making  it  harder  to  casti¬ 
gate  those  unruly  users  for  taking 
matters  into  their  own  hands:  Our 
survey  respondents  admitted  that 
38%  of  their  unauthorized  IT  projects 
were  successful. 

Not  a  bad  score  for  a  bunch  of 
amateurs. 

Of  course,  the  downsides  of  rogue 
IT  can  be  just  as  striking.  Money 
squandered.  Business  operations  dis¬ 
rupted.  Company  security  compro¬ 
mised.  Small  departmental  systems 
blossoming  into  expensive,  badly  de¬ 
signed  enterprise  applications.  Ca¬ 
reers  scuttled.  As  one  CIO  in  our  sto¬ 
ry  lamented  in  the  aftermath  of  a  mi¬ 
nor  ERP  disaster,  “Had  they  come  to 
us  . . .  we’d  have  helped  them  choose 
[the  right  product],  helped  write  the 
scope  of  work,  identified  consultants, 
identified  hardware  and  generally 
played  a  significant  advisory  role.” 
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Those  last  three  words 
are  the  ones  to  focus  on: 
significant  advisory  role. 
The  future  of  IT  isn’t 
about  command  and  con¬ 
trol  —  it’s  about  forging 
deeper,  more  supportive 
relationships  with  your 
business  users.  Engage 
them.  Enlighten  them. 
Enable  them. 

“When  I  look  at  the  IT 
of  the  future,  it  really  be¬ 
comes  a  lot  more  of  a 
competency  center,  for  program  man¬ 
agement,  contract  management,  rela¬ 
tionship  management,”  says  Greg 
Schueman,  CTO  at  Mercury  Insur¬ 
ance  Group  in  Los  Angeles.  He  sees 
the  definition  of  rogue  IT  evolving  in 
a  more  positive  direction,  and  he 
hopes  that  IT  organizations  will 
evolve  with  it. 

How  to  do  that?  Consider  trying 
some  of  these  ideas: 

■  Focus  on  the  bright  financial  up¬ 
side.  Funding  IT  projects  through  the 
business  units  just  about  guarantees 


more  dedicated  ownership  and  in¬ 
volvement  on  their  parts. 

■  Infiltrate  user  departments  wher¬ 
ever  feasible.  At  Geisinger  Health  Sys¬ 
tem,  the  IT  people  who  support  the 
lab  equipment  share  space  with  the 
user  experts  who  manage  and  run  it. 

■  Encourage  a  certain  amount  of 
user  exploration,  but  keep  tabs  on  it. 
At  Blue  Cross  and  Blue  Shield  of  Min¬ 
nesota,  business  users  get  all  the  lee¬ 
way  they  want  during  the  technology 
assessment  phase  of  a  project.  But 
once  system  design  and  development 
kick  in,  so  does  the  IT  group. 

■  Make  sure  all  the  likely  suspects 
in  your  business  units  are  familiar 
with  your  corporate  technology  stan¬ 
dards,  including  databases,  PCs,  oper¬ 
ating  systems,  e-mail  and  query  tools. 
Make  it  known  which  vendors  are  pre¬ 
ferred  partners.  Who  wants  to  pay  full 
price  when  there’s  a  bargain  available? 

■  Ask  yourself  some  hard  questions 
about  why  users  are  hiding  their  tech¬ 
nology  needs  from  you.  How  much 
static  is  there  on  those  communica¬ 
tion  lines  between  IT  and  the  busi¬ 
ness  units? 

Finally,  assume  that  rogue  installa¬ 
tions  will  increase  in  the  future,  and 
plan  accordingly.  Figure  out  how  to 
join  forces.  Become  their  expert  ad¬ 
visers.  Get  back  in  charge.  I 


Dodge  Spam 
By  Going 
One-to-One 

I  GIVE  UP. 

After  spending  hours 
battling  Blaster  worm 
variants  and  setting  e-mail  fil¬ 
ters  to  block  Sobig.F,  I  surren¬ 
der.  The  e-mail  spammers,  hackers  and 
miscreants  win.  I  no  longer  expect 
e-mail  to  function  consistently.  It  acts 
more  like  a  vintage  automobile  that 
takes  constant  tinkering.  For  essential 
communication,  it’s  time  to  look  else¬ 
where. 

A  promising  alterative  is  a  one-to-one 
communications  channel  that  bypasses 
e-mail  entirely.  (No,  I’m  not  talking 
about  the  telephone.)  Ironically,  this  so¬ 
lution  comes  from  the  same  group 
blamed  for  lots  of  spam:  marketers. 

RealConnect  is  a 
small  client-side  ap¬ 
plication  that  works 
with  a  transactional 
server.  It  creates  a 
one-to-one  private 
communications 
channel.  And  it  was 
designed  by  San 
Rafael,  Calif. -based 
DataLode  Inc.  to  give 
marketers  a  way  to 
reach  customers. 

The  transactional 
server  waits  for  a  connecting  agent 
(the  thin  client)  to  be  verified  and  in 
real  time  relays  information  over  an 
open  port.  For  example,  a  user  might 
ask  a  trusted  online  vendor  for  a  travel 
itinerary  based  on  price  and  date.  When 
and  if  that  information  is  matched 
against  a  database,  a  one-to-one  mes¬ 
sage  is  sent  in  the  form  of  an  icon,  an 
audio  alert  or  an  instant  message.  The 
one-to-one  message  can  have  an  SMTP 
wrapper  enabling  interaction  with 
back-end  systems  and  navigation 
through  corporate  firewalls. 

The  procedure  was  created  because 
messages  customers  had  requested 
(for  example,  “Send  me  details  when  a 
product  is  on  sale  for  50%  off”)  were 
being  blocked  as  spam.  Indeed,  online 
travel  company  Orbitz  uses  the  tech¬ 
nology  to  notify  people  who  have  al¬ 
ready  approved  the  receipt  of  offers. 

While  this  one-to-one  private  chan¬ 
nel  was  built  to  make  selling  easier, 
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Storage  Networking  World*  Fall  2003  Sponsors  as  of  8/22/03 


For  more  information  visit  WWW.SnWUSa.COm/print  Or  call  1-800-883-9090  (1 508  820  8159) 

To  sponsor  and  participate,  call  Ann  Harris  at  1-508-820-8667 
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October  27-30, 2003 

JW  Marriott  Grande  Lakes  Resort 
Orlando,  Florida 

Co-owned  and  Produced  by:  Co-owned  and  Endorsed  by: 


Are  you  grappling  with  storage  • 
issues  in  this  tough  economic 
environment?  Want  to  find  out 
how  top  IT  executives  and  • 
managers  at  companies  like 
General  Motors,  MasterCard, 

UPS,  AOL  and  many  others  are 
coping?  Then  plan  to  be  at 
Storage  Networking  World! 


Storage  Management 

Enterprise  Infrastructure 

Business  Continuity 

Data  Management 
and  Security 

Emerging  Technologies 


Why  You  Should  Attend 


Benefit  From  the  Most  Comprehensive  Program 

No  other  storage  event  gives  you  a  program  so  rich  with  experiences  -  whether  they're 
industry  and  pre-certification  primers,  general  sessions,  tutorials,  opportunities  to  see 
technologies  at  work ...  or  the  rare  chance  to  talk  to  the  very  engineers  that  make  them  work. 

Easily  Navigate  an  Agenda  Packed 
With  Choices  and  Learning  Experiences 

No  other  storage  event  provides  an  agenda  woven  with  so  many  logical  choices  -  choices  that 
allow  you  to  tailor  your  valuable  time  to  your  very  specific  needs.  (See  the  full  agenda  at 
www.snwusa.com.) 

Get  an  Education  Endorsed  by  the  SNIA 

No  other  storage  event  offers  a  learning  experience  developed  and  sanctioned  by  the  industry’s 
most  influential  storage  association  -  highlighted  by  the  SNIA-delivered  technical  tutorials. 

Meet  Experts  and  Shop  in  the  Largest  Available 
Storage-specific  Solution  Mall 

No  other  storage  event  allows  you  to  see  all  the  players  and  solution  providers  in  one  place. 
It’s  literally  your  one-stop  “solution  mall." 


See  SNW’s  Flagship  interoperability  &  Solutions  Demo 


No  other  storage  event  gives  you: 

•  40-plus  SNIA  member  companies  collaborating 
on  integrated  solutions 

•  the  opportunity  to  meet 
leading  experts  and  engineers 

•  access  to  $25  million  worth 
of  proven  technology  in  action 
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w  IDC  Storage  Analyst  Briefing 
Learn  the  State  of  the  Storage  Market: 
2004  and  Beyond 

In  this  special  briefing,*  IDC’s  key  storage  analysts  will  present  the 
latest  industry  data,  insights  and  analysis  on  trends  affecting  storage 
vendors.  In  these  interactive  presentations,  IDC’s  analysts  will  bring 
you  up  to  speed  on  the  current  and  future  state  of  markets  for  stor¬ 
age  arrays,  SAN  infrastructure,  storage  components,  storage  man¬ 
agement  software,  and  storage  services.  Analysts  will  also  address 
topics  including: 

•  New  technology  adoption  (SATA,  iSCSI,  46B  FC) 

•  Emerging  storage  architectures  (content  aware  storage, 
nearline  storage,  tiered  storage) 

•  New  storage  network  infrastructure  (virtualization,  networked  storage 

•  Evolving  paths  to  market  for  storage  solutions 

‘This  session  is  intended  for  IT  vendors;  no  non-lDC  analysts  permitted 
in  this  special  session. 


Enjoy  Orlando’s  NEW 
JW  Marriott  Grande  Lakes  Resort! 


No  other  storage  event 
allows  you  to  learn, 
network  and  enjoy  the 
conference  in  such  a 
relaxing,  comfortable 
and  unique  setting. 


For  more  information  and  to  register, 
visit  www.snwusa.com/print  or  call  1-800-883-9090  (1-508-820-8159) 


Hear  User  Case  Studies 


DAN 

POLLACK 

Senior  System 
Administrator 
America  Online 


BRAD  LANCE 

FRIEDMAN  PERRY 

VP  of  Information  Vice  President 

Services  Worldwide  IT 

Burlington  Coat  Infrastructure 

Factory  Cisco  Systems,  Inc. 


JEFF 

PELOT 

CIO 

Denver  Health 


GEORGE  TONY 

PERRETTI  SCOn 

VP  for  Corporate  CTO 

Infrastructure  Information  Systems 
Contingency  Planning  &  Services 
Depository  Trust  and  General  Motors 
Clearing  Corporation 
(DTCC) 


LAURENCE  JERRY 

WHITTAKER  MCELHATTON 

Supervisor  President 

Enterprise  Storage  Global  Technology 
Management  and  Operations 
Hudson's  Bay  MasterCard 

Company  International 


MICHAEL  KEVIN 

GOODE  MERCER 

Director  Senior  Enterprise 

Storage  Services  Storage  Network 

Nielsen  Media  Manager 

Research  RBC  Financial 

Group 


LYNN  JIM 

NEAL  MEDEIROS 

Senior  Systems  IS  Systems  and 

Integrator  Services  Manager 
Sprint  United  Parcel  Service 


Learn  From  Industry  Experts 
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REYES 
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KARP 
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ROBERSON 
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CANEPA 

TOIGO 

VP  of  Technology 

Chairman  and  CEO 

Executive  Vice 

Senior  Analyst 

Founder  and 

industry  Analyst 

President  and  CEO 

Vice  President 

Corporate  VP 

CEO 

EVP 

CEO 

ADIC 

Brocade 

President  of  Open 

Enterprise 

Senior  Analyst 

Consultant  and 

Hitachi 

Tivoli  Storage 

Enterprise  Storage 

Quantum 

Network  Storage 

Toigo  Partners 

Communications 

Software  Operations 

Management 

Enterprise 

Founder 

Software 

Division 

Products  Group 

Systems 

EMC 

Associates 

Storage  Group 

Focus  Consulting 

IBM  Corporation 

Microsoft 

Sun  Microsystems 

Agenda  Snapshot*  ‘subject  to  change 

For  details,  updates,  and  to  register  visit  www.snwusa.com/prirri 

Monday,  October  27 

(Pre-Conference  Activity  and  Tutorial  Sessions) 

9:30am-11:30am  Industry  Primer.  Career  Development  and  Skills  Development  Tracks 
1:00pm-5:30pm  SNIA  Tutorial  Sessions 
1:00pm-6:00pm  Golf  Outing  at  the  Ritz  Carlton  Dolt  Course 
7:00pm-9:00pm  Welcoming  Reception 

Tuesday,  October  28 

(General  Conference  -  Day  One) 

7:15am-8:15am  Continental  Breakfast 

8:15am-9:15am  Opening  Remarks  and  Visionary  Presentation 

9:15am-12:15pm  General  Sessions 

12:15pm-1:30pm  Networking  Luncheon 

1:30pm-3:50pm  General  Sessions 

4:00pm-5:30pm  Technical.  Technical/Business  and  Business  Tracks 
5:30pm-8:30pm  Expo  and  Buffet  Dinner.  Interoperability  and  Solutions  Demo 

Wednesday,  October  29 

(General  Conference  -  Day  Two) 

7:30am-10:30am  IDC  Breakfast  Briefing 
8:15pm-Noon  General  Sessions 
Noon-1:30pm  Expo  and  Buffet  Lunch 
Noon-7:15pm  Interoperability  &  Solutions  Demo 
1:35pm-3:35pm  General  Sessions 

3:45pm-5:15pm  Technical,  Technical/Business,  Business  and  SNIA  Tracks 
5:15pm-7:15pm  Expo 
7:30pm-9:00pm  Gala  Evening 

Thursday,  April  17 

(Tutorial  and  Breakout  Sessions) 

7:30am-8:30am  Continental  Breakfast 

8:30am-11:45am  Technical.  Technical/Business,  Business  and  SNIA  Tracks 
11:45am  Conference  Concludes 


Register  Today! 


Options  for  IT  End-Users* 

Earlybird  Registration 

(through  September  12) 

On-Site  Registration 

(after  September  12) 

General  Conference  Package  (Oct.  28, 29): 

(Includes  General  Conference  sessions,  Expo, 

Meals  and  Receptions) 

$895 

$1,295 

Total  4-day  Package  (Oct.  27, 28, 29, 30): 

(Includes  General  Conference  Package;  Technical  and 
Business  Tracks;  SNIA-produced  Tutorials;  Pre-certification 
Refresher  Courses) 

$1,290 

$1,690 

Options  for  IT  Vendors** 

Total  4-day  Package  (Oct.  27, 28, 29, 30): 

$1,290 

$1,690 

(Available  to  Sponsoring  Vendors  and  their  Resellers/Integrators;  Industry  Consultants:  and  Storage  Solutions  Implementors) 

Non-Sponsoring/Exhibiting  Vendor  Package: 

$5,000 

$5,000 

*  IT  End-Users  are  defined  as  those  who  are  attending  Storage  Networking  World  with  an  intent  (and  an  IT  spending  budget)  to  potentially  buy/pur¬ 
chase  hardware/software/services/etc.  from  our  conference  sponsors  and  exhibitors.  As  such,  account  representatives/business  development  from 
any  company,  analysts,  venture  capitalists,  and  anyone  else  attendiog  who  does  not  have  IT  purchasing  influence  within  their  organization  are 
excluded  from  the  “IT  End-User"  designation.  Enforcement  of  this  interpretation  and  policy  is  at  the  sole  discretion  of  Computerworld.  Questions? 
Please  call  1-800-883-9090. 

•  Vendors  are  encouraged  to  participate  at  Storage  Networking  World  through  sponsorship.  (Details  are  available  by  calling  Ann  Harris  at 
1-508-820-8667.)  Alternatively,  vendors  (as  well  as  venture  capitalists,  equity  analysts,  and  other  “non-IT  end-user"  professionals  as  defined  by 
Computerworld),  may  apply  for  registration  at  the  “non-sponsoring  vendor"  rate.  Determination  of  what  constitutes  a  “non-sponsoring  vendor" 
registration  is  at  the  sole  discretion  of  Computerworld.  You  will  also  be  required  to  adhere  to  our  non-solicitation  policy  posted  on-site. 


“Best  Practices  in  Storage” 

Awards  Program 

Pre-Conference 

Golf  Outing 

Sponsored  by: 

Quantum 

Travel  and 
Accommodations 

Submit  your  nomination  today  at 

www.snwusa.com 

or  email  Nanette  Jurgelewicz  at 
nanette  Jurgelewicz®  computerworld.com 

Awards  Ceremony;  Wednesday, 

October  29,  3:05pm,  SNW  Main  Stage 

STORABE  nrp 

PRACTICES  IN 

STORAGE 

AWARDS  PROGRAM 

carmuMU  'A-snia 

Complimentary  for  Registered  IT  Users 

The  Pre-Conference  Golf  Outing  at  The  Ritz-Carlton  Golf  Club  located 
adjacent  to  the  JW  Marriott  Grande  Lakes  Resort,  is  complimentary 
($165  value)  for  registered  IT  End-Users  (other  participants,  including 
sponsors  and  vendors,  may  play  on  an  “as  available"  basis  and  are 
responsible  for  all  applicable  golf  outing  expenses). 

For  details:  contact  Chris  Leger  at  1-508-820-8277 

IDG  Travel  is  the  official  travel  T  T-^  (  ' 

company  for  Storage  Networking  •  LZ  v_J 

World.  They  are  your  one-stop  shop 
for  exclusive  discounted  rates  on  hotel  accommodations. 

To  reserve  your  accommodations: 

visit  vww.etcentral.com  OR 

call  1-800-340-2262  (or  1-508-820-8159) 

For  more  information  and  to  register, 
visit  www.snwusa.com/print  or  call  1-800-883-9090  <1-508-820  8159) 


a“...  SNW  is  the  premier  event  for  storage 
issues  and  learning  how  to  use  storage 
efficiently ...  an  excellent  forum  for  me  to 
talk  to  other  users ...  allows  me  to  find  the 
latest  vendor  news  in  storage ..." 

David  Cfcambertatn 

VP.  Architecture  and  Capacity  Planning 
Prrrvtdtan  Financial  Corporation 


S“...  storage  is  a  key  component  of 
what  we’re  doing  ...  at  SNW,  I’ve 
been  able  to  get  a  good  perspective 
and  new  ideas  on  what  we  can 
implement  and  how  to  do  it ...” 

Oamton  Ryan 

Director  of  System®  Architecture  and  Administration 
Dow  Jones/FoCtiVd 


Register  for  accommodations  at: 
www.etcentral.com 
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October  27-30, 2003 

JW  Marriott  Grande  Lakes  Resort 
Orlando,  Florida 

Co-owned  &  Produced  by: 

computer™ 

Co-owned  &  Endorsed  by: 


SNIA 

Sroua  Netwujw  liousirr  Association 


Application  for  Conference  Registration 


TO  REGISTER: 

•  Fax  this  form  to  508-626-8524 

•  Or  register  online  at  www.snwusa.com/print 

•  You  will  receive  a  confirmation  via  email 


QUESTIONS? 

•  Call:  our  Customer  Service  Line  at  800-883-9090 

•  Email:  snwreg@computerworid.com 


CODE:  PRINT 


Earlybird  Registration 

Options  for  IT  End-Users* *  I  (through  September  12) 

On-Site  Registration 

i  (after  September  12) 

General  Conference  Package  (Oct.  28, 29):  □  $895 

(Includes  General  Conference  sessions.  Expo,  Meals  and  Receptions) 

□  $1,295 

Total  4-day  Package  (Oct.  27, 28, 29, 30):  □  $1,290  □  $1,690 

(Includes  General  Conference  Package:  Technical  and  Business  Tracks:  SNIA-produced  Tutorials:  SN lA-Certif ication  "Test-Ready"  Courses) 

Options  for  IT  Vendors** 

Total  4-day  Package  (Oct.  27, 28, 29, 30):  □  $1,290 

(Available  to  Sponsoring  Vendors  and  their  Resellers/Integrators:  Industry  Consultants:  and  Storage  Solutions  Implementors) 

□  $1,690 

Non-Sponsoring/Exhibiting  Vendor  Package:  □  $5,000 

□  $5,000 

*  IT  End-Users  are  defined  as  those  who  are  attending  Storage  Networking  World  with  an  intent  (and  an  IT  spending  budget)  to  potentially  buy/purchase  hardware/software/services/etc.  from  our  conference  sponsors  and 
exhibitors.  As  such,  account  representatives/business  development  from  any  company,  analysts,  venture  capitalists,  and  anyone  else  attending  who  does  not  have  IT  purchasing  influence  within  their  organization  are 
excluded  from  the  “IT  End-User"  designation.  Enforcement  of  this  interpretation  and  policy  is  at  the  sole  discretion  of  Computerworld.  Questions?  Please  call  1-800-883-9090. 


Vendors  are  encouraged  to  participate  at  Storage  Networking  World  through  sponsorship.  (Details  are  available  by  calling  Ann  Harris  at  1-508-820-8667.)  Alternatively,  vendors  (as  well  as  venture  capitalists,  equity 
analysts,  and  other  “non-U  end-user”  professionals  as  defined  by  Computerworld),  may  apply  for  registration  at  the  “non-sponsoring  vendor"  rate.  Determination  of  what  constitutes  a  “non-sponsoring  vendor"  registration  Is  at 
the  sole  discretion  of  Computerworld.  You  will  also  be  required  to  adhere  to  our  non-solicitation  policy  posted  on-site. 


Registration  Information:  (This  section  must  be  completed  in  order  to  process  your  application) 


First  Name: 

Middle  Initial:  Last  Name: 

Title: 

ComDanv: 

Street  Address: 

Suite.  Apt.,  etc.: 

City: 

State/Prov: 

Zip/Postal  Code: 

Country: 

Phone  Number: 

Extension: 

Fax  Number: _  E-Mail  Address: _ 

Badge  Name: _  □  Special  Services  Required?  (Please  attach  written  description) 

Would  you  like  to  receive  information  about  playing  in  the  golf  outing  on  Monday,  October  27th  (PM)?  □  Yes  □  No 
Please  indicate  your  preferred  conference  shirt  size:  □  S  □  M  □  L  □  XL  □  XXL  □  XXXL 


Attendee  Profile:  (This  section  must  be  completed  in  order  to  process  your  application) 


SECTION  A  -  FOR  IT  END-USERS  ONLY 


Your  Business/Industry: 

□  Transportation/Utilities 

□  Mining/Oil/Gas 

□  Media/Publishing 

□  Banking/Finance/Insurance 

□  Telecommunications 

□  Wholesale/Retail  (Non-IT) 

□  Advertising/Marketing/Public  Relations 

□  Education 

□  Government/Military 

□  Healthcare 

□  Manufacturing  (Non-IT) 

□  Other 

Your  Job  Title/Function: 

□  CEO/COO/Chairman/President 

□  CIO/CTO 

□  VP/GM/Director 

□  IS/IT  Director/Manager 

□  Other  IS/IT  Department  Manager/Supervisor 

□  Other  Corporate/Business  Manager 

□  Corporate/Business  Staff 

□  Consultant  (Internal)  or  Other 

Select  item  below  that  most  closely 
matches  your  involvement  in  IT  decisions: 

□  Specify  features/Technical  requirements 

□  Evaluate/Recommend  Products.  Brands, 
Vendors 

□  Create  Strategy/Determine  the  need  to  purchase 

□  Set  budget  for  expenditure 

□  Authorize/Approve  purchase 

□  None  ol  the  above 


Employees  in  your  entire  Company: 

□  10,000+ 

□  5,000-9,999 

□  1,000-4,999 

□  500-999 

□  100  -  499 

□  Less  than  100 

Estimated  annual  revenue 
of  your  entire  company: 

□  $10  Billion* 

□  $5  Billion  -  $9.9  Billion 

□  $1  Biliion  -  $4.9  Billion 

□  $500  Million  -  $999  Million 

□  $100  Million  -  $499  Million 

□  $50  Million  -  $99  Million 

□  Less  than  $50  Million 

Annual  company  IT  budget 
(All  IT  products  and  services): 

□  $100  Million* 

□  $50  Million  -$99.9  Million 

□  $20  Million  -  $49.9  Million 

□  $10  Million  -  $19.9  Million 

□  $5  Million  -  $9.9  Million 

□  $1  Million  -  $4.9  Million 

□  $500,000  -  $999,999 

□  Less  than  $500,000 


Annual  company  IT  budget 
(Storage  products  and  services): 

□  $100  Million* 

□  $50  Million  -  $99.9  Million 

□  $20  Million  -  $49.9  Million 

□  $10  Million -$19.9  Million 

□  $5  Million  -  $9.9  Million 

□  $1  Million- $4.9  Million 

□  $500,000  -  $999,999 

□  Less  than  $500,000 

Your  personal  IT  spending  authority 
(All  IT  products  and  services): 

□  $100  Million* 

□  $50  Million  -  $99.9  Million 

□  $20  Million -$49.9  Million 

□  $10  Million -$19.9  Million 

□  $5  Million  -  $9.9  Million 

□  $1  Million- $4.9  Million 

□  $500,000 -$999,999 

□  Less  than  $500,000 

Your  personal  IT  spending  authority 
(Storage  products  and  services): 

□  $100  Million* 

□  $50  Million  -  $99.9  Million 

□  $20  Million  -  $49.9  Million 

□  $10  Million  -  $19.9  Million 

□  $5  Million  -  $9.9  Million 

□  $1  Million  -  $4.9  Million 

□  $500,000 -$999,999 

□  Less  than  $500,000 


SECTION  B  -  FOR  IT  VENDORS  ONLY 

Your  Business/Industry: 

□  VAR/VAD/ASP/System  Integrator 

□  Industry  Consultant/Storage  Solution  Integrator 

□  Manufacturing  (IT) 

□  Computer  Retailer/Dealei/Wholesaler 

□  Software  Development  (Storage) 

□  Other  Computer  Related  (Non-Sfotage) 


Your  Job  Title/Function: 

□  CEO/COO/Chairman/President 

□  CFO/Controller/Treasurer 

□  VP/GM/Director 

□  Sales/Marketing/Product  Staff 

□  CIO/CTO/OtherlS/IT  Manager 

□  Engineering  Staff 

□  Press 


Payment  Method 

□  Check  Enclosed  (checks  must  be  received  by  10/17/03) 

(Make  payable  to:  Computerworld:  Mail  to:  Computerworld,  Attn:  Pam  Malingowski, 
500  Old  Connecticut  Path,  Framingham.  MA  01701) 

□  American  Express  □  VISA  □  MasterCard 

Account  Number: 


Expiration  Date: _ 

Card  Holder  Name: 


Signature  of  Card  Holder: 


Cancellation  Policy  (All  of  the  below  options  require  written  notification ..) 

In  the  event  ol  cancellation,  the  registrant  has  three  options: 

1)  He  or  she  may  substitute  another  attendee  lor  this  conlerence. 

2)  He  or  she  may  transfer  this  registration  to  the  Spring  2004  Storage  Networking  World*  conference,  if  written 
notice  is  received  by  October  6, 2003. 

3)  The  registration  fee  will  be  refunded,  less  $250  service  charge,  if  written  notice  is  received  by  October  6. 2003, 

Computerworld  reserves  the  right  to  limit  and/or  refuse  any  registration 
for  any  reason. 


Schedule  of  Conference  Events  (sub|ect  to  change) 

Monday,  October  27, 2003 

•  Industry  Primer  •  Pre-Conference  Golf  Outing 

•  SNIA  Produced  Tutorial  Sessions  •  Welcome  Reception 

Tuesday,  October  28, 2003 

•  General  Conlerence  &  User  Case  Studies  •  Exposition 

•  Interoperability  and  Solutions  Demo  •  Pre-certification  Refreshers 

Wednesday,  October  29, 2003 

•  General  Conference  &  User  Case  Studies  •  Exposition  •  Pre-certification  Refreshers 

•  Interoperability  and  Solutions  Demo  •  Gala  Evening 

Thursday,  October  30,  2003 

•  Tutorial  Sessions  •  Pre-certification  Refreshers 
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companies  can  also  use  it  to  keep  em¬ 
ployees  tuned  into  specific  corporate 
events  or  information  without  relying 
on  e-mail.  And  because  this  channel 
comes  as  a  service  with  tools  designed 
for  marketers,  there’s  no  need  to  have 
an  army  of  programmers  setting  up  ex¬ 
piration  dates  for  messages,  directories 
of  approved  recipients  or  preferences 
for  the  look  and  feel  of  the  messages.  If 
you  can  make  a  PowerPoint  presenta¬ 
tion,  you  can  use  this. 

Another  spam  problem  is  storage. 
Your  systems  may  be  storing  this  junk 
(desktops  certainly  are)  without  your 
knowledge.  With  one-to-one  private 
communications,  you  specify  what’s  to 
be  kept  and  what’s  not.  Also,  this  type 
of  communication  isn’t  browser-based, 
so  you’re  not  at  the  mercy  of  security 
snafus  related  to  viewing  the  Internet. 

One-to-one  communication  isn’t  for 
everything  —  and  there’s  still  the  issue 
of  replying  securely  —  but  it’s  an  inno¬ 
vative  alternative  when  you  know 
you’re  licked.  I 

THORNTON  MAY 

Redefining 
;  ‘Heroic’ IT 
Leaders 


DURING  the  past  eight 
months  I  have  been 
deeply  involved  in  a 
multiyear  global  research 
project  involving  hundreds  of 

CIOs  and  aimed  at  better  understand- 
”  ing  the  evolving  CIO  “habitat.”  I’ve  dis¬ 
covered  that  it’s  a  varied  and  exotic 
ecosystem,  indeed. 

-  The  data  collected  puts  the  compa- 
|  nies  surveyed  into  four  performance 
"I  categories: 


■  Poor  IT  shops 

22% 

*  Average  IT  shops 

39% 

s  Good  IT  shops 

23% 

m  V  rld-class  IT  shops 

16% 

Paying  particular  attention  to  perfor¬ 
mance  inflection  points  (that  is,  the 


separate  poor  IT  shops 
1  shops,  average  IT 
id  IT  shops  and  so  on), 
ed  several  competency 
overall  performance  of 


perational  excellence 
f  the  world-class  IT 
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shops  in  the  sample  was  a 
“managed  mind -set”  toward 
IT.  The  concept  of  a  man¬ 
aged  mind-set  shouldn’t  be 
trivialized  as  academicspeak 
or  spin,  nor  should  it  be  de¬ 
monized  as  mind  control. 

Progressive  CIOs  in  our 
research  have  revised  how 
they  think  about  IT.  At  the 
core  of  the  rethinking  was  a 
fundamental  change  in  the 
perception  of  what  consti¬ 
tuted  heroic  IT. 

Popular  culture  paints  he¬ 
roes  in  bold,  John  Wayne  strokes,  por¬ 
traying  them  as  bigger-than-life  per¬ 
formers  riding  in  to  save  the  day.  Day- 
to-day  workers  are  often  stereotyped  as 
Dilbert-like  victims  or  George  Babbitts, 
practitioners  of  narrowmindedness  and 
selfishness,  like  the  antihero  of  Sinclair 
Lewis’  novel  Babbitt. 

Analysis  of  the  academic  literature 
on  heroism  indicates  a  perceptual  bias 


that  demands  certain  pre¬ 
conditions  for  heroism  to 
occur.  That  is,  for  someone 
to  become  a  hero,  some¬ 
thing  perceptibly  bad  or 
extraordinary  must  happen 
first.  It  is  no  accident  that 
America’s  most  respected 
presidents  all  served  dur¬ 
ing  times  of  great  national 
trauma,  though  not  all  trau¬ 
ma  leads  to  greatness. 

In  “old-think”  IT  shops 
(those  not  in  the  world- 
class  category),  staffers 
perceived  as  heroes  are  the  ones  who 
fix  things  when  they  break,  do  multiple 
all-nighters  to  deliver  projects  close  to 
deadline  or  deliver  to  business  users 
what  they  were  told  was  impossible  to 
achieve.  But  how  efficient  is  that  ap¬ 
proach? 

CIOs  are  no  stranger  to  heroic  cir¬ 
cumstances.  Indeed,  63%  of  the  CIOs 
in  the  Global  2,000  arrived  at  their  po¬ 


sition  heroically  —  they’re  generally 
regarded  as  having  salvaged  a  desper¬ 
ate  situation  left  by  a  predecessor. 

As  an  optimistic  futurist,  I  am  obli¬ 
gated  to  ask:  In  a  world  where  IT  does¬ 
n’t  break  down  as  much  as  it  does  to¬ 
day,  in  a  world  where  IT  is  well  run, 
will  there  be  opportunities  for  IT  he¬ 
roes  to  emerge? 

World-class  IT  shops  have  redefined 
IT  heroism  to  include  the  everyday  he¬ 
roes  who  build  systems  that  run  as 
promised,  who  are  unafraid  of  personal 
responsibility  and  who  are  unwilling  to 
accept  quick  fixes  that  gloss  over  prob¬ 
lems  without  getting  to  their  roots. 

This  is  the  definition  for  IT  heroes 
you  should  be  using  in  your  company. 
You’ll  be  surprised  at  how  many  of 
them  you’ll  find  in  your  organization.  ► 

WANT  OUR  OPINION? 

OMore  columnists  and  links  to  archives  of  previous 
columns  are  on  our  Web  site: 

www.computerworld.com/columns 


thornton  may  is  a  long¬ 
time  industry  observer, 
management  consultant 
and  commentator. 
Contact  him  at 
thomtonamay@aol.com. 
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Outsourcing  Acceptance  Is  Hard  to  Find 


Has  DAVID  MOSCHELLA  con¬ 
sidered  the  security  issues  of 
code  being  generated  in  parts  of 
the  world  that  are  hostile  to  the  U.S. 
[“Outsourcing  Is  Good,”  QuickLink 
40327]?  In  the  same  issue  that  this 
column  ran,  just  look  at  the  front 
page  and  the  description  of  Dan 
Verton's  book  Black  Ice  on  cyber¬ 
terrorism. 

Steve  Farley 
Account  executive, 

PPT  Inc.,  Lancaster,  Pa., 
sfarley@pptnet.com 

|  UNDERSTAND  the  business  case 
i  for  moving  jobs  overseas,  but 
since  a  significant  portion  of  Ameri¬ 
ca's  tax  base  is  derived  from  these 
jobs,  I  have  to  wonder  why  our 
politicians  have  never  done  more  to 
protect  them.  Maybe  we  haven’t 
yelled  loud  enough  yet.  Then  again, 
maybe  David  Moschella  is  right 
Maybe  it’s  natural  ior  aging  indus¬ 
tries  to  send  jobs  overseas,  even 
jobs  that  serve  the  American  public 
directly.  Maybe  we  should  embrace 
that  trend  and  expand  it  to  other  in¬ 
dustries  that  are  overdue  for  mod¬ 
ernization.  As  a  start,  I  know  some 
guys  in  India  who  would  make  very 
good  opinion  columnists. 

David  Woodham 
Software  engineer, 

Ualt“igh,  N.C. 


FAIR  POINTS  ALL  by  David 
Moschella.  I  remember  the  steel 
industry  contraction  of  the  1980s 
and  ’90s,  but  the  scary  thing  about 
the  IT  contraction  is  that  it  has  been 
about  10  times  faster.  Overnight, 
the  perception  of  technical  people 
has  gone  from  being  wizards,  gurus 
and  (affectionately  termed)  geeks 
to  being  dull,  commodity  drones. 
Job  security  has  vanished.  Things 
will  eventually  come  back  into  bal¬ 
ance,  but  this  trend  will  extract  a 
steep  human  cost  in  the  meantime. 
Companies  that  exploit  conditions 
ruthlessly  risk  a  backlash  either 
from  the  government  or  from  work¬ 
ers  when  the  market  and  worker 
mobility  improve. 

Timothy  Wood 
San  Francisco 

Sometimes  in  the  marketplace, 
short-term  economics  wins 
over  what’s  wise  for  the  longer  term. 
If  we  lose  out  on  exploiting  the  tal¬ 
ents  of  a  highly  trained  pool  of  pro¬ 
fessionals  simply  on  the  basis  of 
cost  per  thousand  lines  of  code  or 
hourly  pay,  we  risk  not  only  our 
country’s  security  but  also  the  com¬ 
petitiveness  of  U.S.  companies 
around  the  world.  It’s  been  said  that 
the  modern  economy  is  global  and 
the  problems  local,  but  the  U.S. 
risks  giving  away  the  local  competi¬ 


tive  advantages  it  has  in  its  work¬ 
force  through  political  neglect  and 
a  short-term  focus. 

Charles  Olson 

Consulting  software  engineer, 
Auburn  Mass., 
ctosw@yahoo.com 

Outsourcing  will  spell  nothing 
but  long-term  economic  trouble 
for  our  country.  In  these  times  of 
huge  deficits  and  tax  refunds,  cor¬ 
porations  that  lay  off  and  send  IT 
jobs  offshore  are  assisting  in  further 
weakening  our  country’s  economic 
engine.  Middle-class  workers  pay 
federal  income  taxes,  Social  Securi¬ 
ty  taxes  and  Medicare  taxes.  Corpo¬ 
rations  receive  far  too  many  tax 
breaks  to  make  up  the  difference. 
Every  job  lost  to  a  foreign  land 
means  that  an  American  taxpayer  is 
no  longer  helping  to  fund  our  de¬ 
fense,  social  services  and  health 
care.  Where  will  that  money  come 
from?  Yes,  outsourcing  will  be  a 
short-term  win  for  corporate  Ameri¬ 
ca’s  bottom  line,  but  the  long-term 
effects  will  be  monstrous. 

Vernon  E.  Bell 
Chicago 

WHERE  IS  Computerworld dig¬ 
ging  up  columnists  like  David 
Moschella  and  Ward  Larkin  [“Off¬ 
shore  Outsourcing  Is  Less  of  a 
Threat  Than  You  Think,"  QuickLink 
40490]?  Surely  their  articles  are  a 


test  to  see  if  people  are  reading  the 
publication  and  if  they’ll  respond  to 
patent  hogwash.  Both  Moschella 
and  Larkin  fail  to  mention  the  erod¬ 
ing  effect  on  the  U.S.  when  every¬ 
thing  is  produced  offshore  and 
shipped  in,  and  they  neglect  to 
speak  to  the  cultural  mismatches 
that  will  show  up,  not  only  in  the 
software  produced,  but  also  in  the 
most  basic  of  communications. 

Their  acceptance  of  the  IT  out¬ 
sourcing  trend  is  appalling.  While 
it’s  true  that  businesses  will  do  what 
they  feel  to  be  in  their  best  interest 
and  that  getting  upset  won’t  do  any 
good,  lying  down  in  spineless  ac¬ 
ceptance  will  do  far  less. 

Nick  Bronzan 
CEO/CTO, 

USInvestments  Publishing 
Corp.,  Colorado  Springs, 
nickbronzan@earthlink.net 

COMPUTERWORLD  welcomes 
comments  from  its  readers.  Letters 
will  be  edited  for  brevity  and  clarity. 
They  should  be  addressed  to  Jamie 
Eckle,  letters  editor,  Computerworld. 
PO  Box  9171, 500  Old  Connecticut 
Path,  Framingham,  Mass.  01701. 
Fax:(508)879-4843. 

E-mail:  letters@computerworld.com. 
Include  an  address  and  phone  num¬ 
ber  for  immediate  verification. 

OFor  more  letters  on  these  and 
other  topics,  go  to 

www.computerworld.com/letters 


It  can  make 
your  Web  apps  three 
times  faster. 


Visual  Studio  .NET  can  help  you  with  (nearly)  every  part  of  your  job.  Your  Web  applications  just  got  faster.  ASP.NET,  the 


Web  application  environment  in  Visual  Studio  . NET,  offers  dramatically  improved  performance  over  classic  ASP.  Here’s  how 


B  Compiled  Page  Execution  ASP.NET  pages  are  compiled  once  and  cached  in  memory  instead  of  being  interpreted  each  time 


the  page  is  requested.  B  Rich  Output  Caching  ASP.NET’s  caching  features  quickly  retrieve  database  queries,  full  pages  (or  parts 


of  pages),  and  objects  from  memory  for  improved  app  performance.  B  Crash  Protection  Web  applications  can’t  be  fast  if  they’re 


It  can’t  tell  you 
whether  this  is  meatlo 
orlasagna. 


ism 


mmmm 


down.  Duh.  So  ASP.NET  automatically  detects  and  recovers  from  errors  like  deadlocks  so 
your  application  is  always  available.  And  now  the  newly  released  Visual  Studio  .NET  2003  is 
here  for  building  and  deploying  even  faster  and  more  stable  applications.  Try  it  now:  log 
on  to  a  fully  featured,  free*  online  hosted  session  and  get 

Microsoft’ 

more  information  at  msdn.microsoft.com/vstudio/tryit  VisualStudio.net 


NILE  BENCHMARK 
8-CPU  PEAK  THROUGHOUT 


Want  to  cut  your  IT  costs  without  sacrificing 
performance?  PRIMEPOWER  Servers  from  Fujitsu. 

BThe  secret  is  out.  PRIMEPOWER™ Solaris™- compatible 
servers  from  Fujitsu®  deliver  a  major  breakthrough  in 
price/performance  compared  to  our  more  famous 
competition.  Want  proof?  PRIMEPOWER  servers  offer 
such  an  advantage  that  the  world’s  leading  com¬ 
panies  use  them  to  boost  their  performance.  And  there’s  a 
PRIMEPOWER  server  that’s  right  for  any  application  you  need  — 
from  single  CPU,  rack-mounted  servers  to  enterprise-ready 
systems  that  scale  to  1 28  CPUs  for  unsurpassed  performance  in 
the  data  center. 

Of  course,  it’s  not  just  the  hardware  you’re  buying.  It’s  also 
Fujitsu’s  30+  years  of  experience  supporting  high-perform¬ 
ance,  mission-critical  systems.  We’ve  already  helped  many 
companies  consolidate  their  IT  infrastructures  and  lower  their 
Total  Cost  of  Ownership.  Our  free  white  paper,  The  Why  and 
How  of  Server  Consolidation,  explains  how.  Get  your  copy  at 
www.ftsi.fujitsu.com/ad.  Or  call  (877)  905-3644. 


FUJITSU 

THE  POSSIBILITIES  ARE  INFINITE 


£.'2002  Fujitsu  Corporation  Limited.  Fujitsu  and  the  Fujitsu  logo  are  registered  trademarks  of  Fujitsu  Limited.  PRIMEPOWER  is  a  trademark  or  registered  trademark  of  Fujitsu  Limited  in  the  United  States  and  other  countries. 
Solans  is  a  trademark  or  a  registered  trademark  of  Sun  Microsystems,  Inc.  in  the  United  States  and  other  countries. 
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Stretching  Tape  Technology 

Tape  is  still  the  main  backup 
medium  for  most  organizations  and 
is  likely  to  remain  so  for  at  least  another 
10  years  as  vendors  prepare  faster 
drives,  better  management  tools  and  tapes 
that  can  hold  terabytes  of  data.  Page  20 


FUTURE  WATCH 

Genoa  II:  Man  and 
Machine  Thinking  as  One 

IT  may  soon  make  it  possible  for 
humans  and  computers  to  “think  to¬ 
gether”  in  real  time  to  anticipate  and 
preempt  terrorist  threats.  Page  22 


SECURITY  MANAGER’S  JOURNAL 

New  Spam  Policy: 

Return  to  Sender 

Vince  Tuesday’s  strategy  to  automati¬ 
cally  return  suspected  spam  before  it 
can  hit  users’  mailboxes  works  per¬ 
fectly  —  almost.  Page  23 


1  1 

i  I 

hen  you  have  con¬ 
solidated  computer 
systems  from  500  cor¬ 
porate  acquisitions, 
you  get  pretty  good  at 
IT  integration. 

Indeed,  nothing  so  distinguishes  IT 
at  Corporate  Express  Inc.  as  the  degree 
to  which  it  seamlessly  links  major  sup¬ 
ply  systems  —  its  own  and  those  of 
customers  and  suppliers.  The  $5.5  bil¬ 
lion,  Broomfield,  Colo.-based  vendor  of 
office  supplies  for  the  business  market 

has,  in  essence,  become  an  ex-  _ 

tension  of  the  procurement  sys¬ 
tems  of  its  largest  customers. 

“Integration  is  one  of  our  core 
competencies,”  says  CIO  Lisa 
Peters,  who  has  seen  her  IT 


XML  transactions  through  a  richly  fea¬ 
tured  Web  portal  called  E-Way. 

The  smallest  of  Corporate  Express’ 
30,000  customers,  which  typically  lack 
their  own  automated  procurement  sys¬ 
tems,  log  onto  E-Way  and  conduct  pur¬ 
chasing  transactions  much  as  a  con¬ 
sumer  might  at  Amazon.com.  These 
buyers  have  also  placed  many  of  their 
unique  procurement  rules  into  E-Way, 
so  that,  for  example,  E-Way  checks 
budgets,  buyer  authorizations  and  oth¬ 
er  controls  for  customers. 

_  But  750  of  the  company’s 

riPI  n  lar§est  customers  —  which  ac- 
f  I tLU  vj  count  for  some  80%  of  its  sales 
^volume  —  have  a  more  direct 
connection  to  E-Way.  Corporate 
Express  has  integrated  E-Way 


REPORT 


shop  grow  from  12  people  to  more  than 
300  in  the  past  nine  years. 

Corporate  Express  has  for  years  tak¬ 
en  orders  for  furniture,  paper,  comput¬ 
er  supplies  and  other  office  products 
by  telephone,  fax  and  electronic  data 
interchange.  In  1997,  it  began  offering 
customers  Internet-based  procure¬ 
ment  via  a  simple  CD-ROM  catalog. 
Now,  more  than  half  of  its  75,000  daily 
orders  arrive  electronically,  most  as 


Corporate 

Express  Goes 

Direct 


THE  B2B  OFFICE  PRODUCTS  VENDOR  IS 
SLASHING  COSTS  BY  INTEGRATING  TIGHTLY 
WITH  CUSTOMERS’  PROCUREMENT 
SYSTEMS.  BY  GARY  H.  ANTHES 


into  the  processing  fabric  of  their  in¬ 
ternal  procurement  systems.  That  in¬ 
volved  integrating  with  some  40  differ¬ 
ent  commercial  packages  from  compa¬ 
nies  ranging  from  Ariba  Inc.  to  Com¬ 
merce  One  Operations  Inc.  and  eScout 
LLC.  These  customers  start  to  build 
orders  locally,  but  then  bridge  to 
E-Way  by  leveraging  the  integration 
features  offered  by  each  vendor’s  prod¬ 
uct.  For  example,  Corporate  Express 
uses  PunchOut  for  integration  with 
Ariba,  RoundTrip  for  Commerce  One, 
ConnectScout  for  eScout  and  so  on. 

Although  customers  can  maintain 
their  own  versions  of  the  Corporate 
Express  catalog,  more  often  the  cata¬ 
logs  are  maintained  by  and  at  Corpo¬ 
rate  Express.  Every  catalog  is  tailored 
to  its  user’s  format,  terminology  and 
buying  practices. 

“E-Way  knows  all  the  customer  rules 
—  for  example,  that  they  don’t  buy 
desks  from  us,  so  desks  will  be  blocked 
out,”  says  Wayne  Aiello,  vice  president 
of  e-business  services.  “E-Way  actually 
becomes  the  customer’s  system,  so 
every  customer  has  to  be  examined 
and  treated  differently.” 

Corporate  Express  is  doing  about  10 
new  customer  integrations  per  month. 
They  take  10  to  20  days  —  with  require¬ 
ments  definition,  coding  and  testing  tak¬ 
ing  equal  amounts  of  time  —  but  the 
first  few  projects  took  10  times  that  long 
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The  E-Way  Architecture 


Behind  the  scenes  in  the  E-Way  system, 
customer  orders,  acknowledgements, 
invoices  and  other  transactions  flow  be¬ 
tween  customers  and  E-Way  as  XML 
transactions  by  way  of  two  Internet  ser¬ 
vice  providers. 

Orders  from  small  and  midsize  cus¬ 
tomers  that  use  E-Way  as  their  procure¬ 
ment  system  go  to  the  E-Way  Web  serv¬ 
er  and  pass  through  the  webMethods  In¬ 
tegration  Platform  server  directly  into  In- 
Vision,  Corporate  Express'  ERP  system. 
Orders  from  the  750  large  customers 
whose  own  e-procurement  systems  have 
been  integrated  with  E-Way  interact  with 
Integration  Platform  from  webMethods. 

Integration  Platform  is  the  enterprise 
application  integration  (EAI)  “layer”  that 
ties  Corporate  Express’  e-commerce,  ERP, 
warehouse  management  and  financial 
systems.  After  some  translating  and  for¬ 
mat  standardization,  the  EAI  layer  sends 
the  transaction  to  the  InVision  ERP  sys¬ 
tem,  where  it’s  processed  like  any  other  or¬ 
der.  InVision  sources  the  order  and  sends 
it  to  its  own  warehouse  or  to  a  whole¬ 
saler  for  pickup  and  delivery  the  next  day. 

E-Way  is  a  three-tier  system.  At  the 
top  sit  five  Sun  Microsystems  Inc.  Solaris 
servers  running  Apache  Web  server  soft¬ 
ware.  Files,  such  as  catalog  page  im¬ 


ages,  are  stored  on  a  Linux  server  and 
then  cached  on  Solaris  Web  servers  us¬ 
ing  the  Open  AFS  enterprise  file  system. 
The  second  tier,  a  JBoss  application 
server,  is  a  combination  of  JavaBeans 
and  servlets.  It  shares  a  big  Sun  Fire  15K 
server  with  the  third  tier,  the  Oracle  data¬ 
base  server  running  PL/SQL  procedures. 

Corporate  Express  is  migrating  the 
E-Way  application  code  from  Oracle 
PL/SQL  to  Java  2  Enterprise  Edition 
(J2EE).  That  will  allow  separation  of  pre¬ 
sentation  functions  from  business  logic  in 
JavaServer  Pages,  making  code  more 
modular  and  hence  easier  to  maintain,  says 
Bret  Mclnnis,  vice  president  for  e-busi¬ 
ness  technologies.  It  will  also  make  code 
more  scalable  and  efficient,  he  says.  The 
J2EE  architecture  will  use  several  open- 
source  software  tools,  such  as  Struts,  Tiles 
and  Velocity  -  frameworks  for  developing 
Java  applications  that  facilitate  breaking 
applications  into  their  functional  parts. 

Finally,  Trigo  Technologies  Inc.’s 
Product  Center  software  maintains 
product  catalog  information  and  publish¬ 
es  it  to  E-Way  and  other  systems.  The  4i 
eContent  Server  from  Documentum  Inc. 
maintains  an  archive  of  Web  site  con¬ 
tent,  including  reports  and  billing. 

-  GaryH.  Anthes 


'The  hardest  thing  three  to  four 
years  ago  was  that  nobody  in  the  in¬ 
dustry  had  done  it,”  Aiello  says.  “XML 
was  the  buzzword,  but  it  was  really 
new.  Platforms  like  Ariba  and  Com¬ 
merce  One  were  beginning  to  get  a  lot 
of  hype,  but  there  weren’t  people  who 
had  actually  implemented  them.” 

The  company  buys  off-the-shelf  soft¬ 
ware  when  it  can,  but  much  of  E-Way 


and  its  other  supply  systems  w'ere  devel¬ 
oped  in-house.  Commercial  packages  of¬ 
ten  aren’t  scalable  or  flexible  enough 
to  accommodate  the  unique  needs  of 
customers,  the  company  says.  For  exam¬ 
ple,  Corporate  Express  developed  its 
own  search  engine  tailored  to  the  char¬ 
acteristics  of  an  office  supply  catalog. 

Unocal  Corp.  in  El  Segundo,  Calif., 
used  to  buy  from  Corporate  Express  by 


telephone  and  fax,  but  has  now  inte¬ 
grated  its  Oracle  Corp.  procurement 
system  with  E-Way.  Michael  Comeau, 
e-procurement  tools  manager  at  Uno¬ 
cal,  says  he  likes  E-Way’s  ability  to 
send  all  invoices  to  a  central  point  for 
payment,  its  buying  controls  and  its  or¬ 
der-tracking  ability.  “Maverick  spend¬ 
ing  is  reduced  tremendously,”  he  says. 

Meanwhile,  Trisha  Smallwood, 
manager  of  mail  center  operations  at 
The  Kroger  Co.  in  Cincinnati,  says  she 
likes  E-Way  because  it  saves  her  five 
minutes  on  every  order.  No  more  fill¬ 
ing  out  an  order  form,  faxing  it  and 
waiting  for  confirmation.  The  process 
is  made  even  simpler,  she  says,  by 
E-Way’s  ability  to  maintain  a  list  of 
items  that  Kroger  orders  frequently  as 
well  as  the  special  prices  and  terms 
that  the  grocery  chain  has  negotiated. 

Data,  Data,  Everywhere 

Corporate  Express  used  software  from 
webMethods  Inc.  in  Fairfax,  Va.,  to  in¬ 
tegrate  its  major  logistics  and  financial 
applications.  The  webMethods  tool 
provides  flexibility  in  deciding  where 
data  and  logic  are  best  placed,  says  Bret 
Mclnnis,  vice  president  for  e-business 
technologies  at  Corporate  Express. 

For  example,  warehouse  inventory 
balances  change  constantly,  so  E-Way 
makes  a  synchronous  call  through  web¬ 
Methods  to  Corporate  Express’  cus¬ 
tom-developed  InVision  ERP  system 
to  retrieve  balances  when  they’re  re¬ 
quested  by  an  online  customer.  But 
pricing  data  is  more  static,  so  pricing 
algorithms  and  data  about  customers 
and  products  that  are  in  PL/SQL  pro¬ 
cedures  in  InVision  are  replicated  to 
E-Way  using  SharePlex  from  Quest 
Software  Inc.  in  Irvine,  Calif. 

“It  basically  sniffs  the  Oracle  logs 
and  replicates  the  data  in  real  time,” 
Mclnnis  says.  “We  wrap  that  Oracle 
code  in  a  JavaBean,  so  we  call  the  exact 
same  algorithm  that  InVision  calls  to 
get  the  customer’s  price.” 

A  performance  advantage  comes 
from  being  able  to  price  an  item  just 
when  it’s  needed.  Previously,  every 
combination  of  item  price  and  cus¬ 
tomer  was  stored  in  a  table  that  soon 
grew  to  an  unwieldy  1  billion  rows,  he 
says.  Moreover,  changes  to  price,  cus¬ 
tomer  and  item  data  can  be  made  in 
just  one  place  and  replicated  elsewhere 
as  needed.  And  use  of  an  integration 
tool  like  webMethods  effectively  allows 
software  to  be  used  in  multiple  places 
without  rewriting  it,  Mclnnis  adds. 

Optimum  placement  of  data  and  logic 
are  critical  when  dealing  with  a  high 
volume  of  low-margin  transactions, 
Mclnnis  says.  “Performance  and  scala- 


Getting  to 

Real  Time 

E-Way  started  out  with  a  much  simpler 
objective.  “When  it  started,  it  was  es¬ 
sentially  a  one-way  order  system,  an 
online  catalog,”  says  Wayne  Aiello,  vice 
president  of  e-business  services.  “They’d 
find  a  product  and  send  an  order  into  In¬ 
Vision,”  the  company’s  ERP  system. 

That  has  changed,  however.  “It’s 
transforming  itself  into  a  two-way  inter¬ 
face  between  us  and  the  customer,”  he 
says,  “so  as  we  continue  to  add  more 
transactions,  we  are  bringing  more  in¬ 
formation  from  our  supply  chain  forward 
to  the  customer.” 

Corporate  Express  has  a  number  of 
supply  chain  and  financial  systems,  plus 
interfaces  with  the  systems  of  its  suppli¬ 
ers.  Any  information  from  those  sources 
is  potentially  available  to  present  to  cus¬ 
tomers  using  the  webMethods  integra¬ 
tion  tool.  Corporate  Express  already 
uses  that  tool  to  retrieve  real-time  inven¬ 
tory  balances  from  its  InVision  system 
and  send  them  to  customers  via  E-Way. 

But  if  an  item  isn’t  in  stock,  it  doesn’t  tell 
buyers  when  it  might  be  on  the  shelves 
again.  Soon  E-Way  will  also  retrieve  the 
item’s  estimated  date  of  receipt  based 
on  the  supplier’s  information  system. 

Corporate  Express  also  plans  to  push 
more  order-status  information  to  cus¬ 
tomers,  including  who  signed  for  a  de¬ 
livery  at  the  customer  site.  A  point-of- 
delivery  device  will  capture  that  data 
and  send  it  via  a  service  of  Aether  Sys¬ 
tems  Inc.  to  a  warehouse  management 
system,  where  webMethods  can  grab  it 
and  present  it  to  the  E-Way  user. 

-  GaryH.  Anthes 

bility  are  always  huge  issues  for  us,”  he 
says.  “Our  average  order  size  is  [small], 
so  it  takes  a  lot  of  transactions  for  $5 
million  a  day  on  our  Web  site.” 

While  grabbing  data  using  web¬ 
Methods  is  “theoretically  easy,”  Aiello 
says,  optimizing  performance  is  not. 

“At  any  point,  we  have  thousands  of 
people  on  the  site  placing  orders.  Mak¬ 
ing  something  available  to  3,000  users 
simultaneously  is  a  challenge.”  I 
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Profit  Motive:  Electronic  orders  are  the  key  to 
profitability  -  but  most  savings  go  to  customers: 
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Searching  for  Answers:  Learn  how  Corporate 
Express  customized  its  search  engine: 
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The  grid  went  down.  Our  customers  did  not. 
That’s  why  over  85%  of  the  FORTUNE®  500® 
rely  on  VERITAS  software  for  disaster  recovery. 
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As  backup  needs  grow,  tape  vendors 
are  preparing  faster  drives,  better 
management  tools  and  terabyte-size 
tape  cartidges.  By  Lucas  Mearian 


Like  many  it  executives, 
Eric  Eriksen,  chief  technol¬ 
ogy  officer  at  New  York- 
based  Deloitte  Consulting, 
would  like  tape  to  just  go 
away.  The  added  cost  of  managing  tape 
backup  systems,  slow  and  unreliable 
restoration,  cartridge  inventorying  and 
off-site  storage  headaches  have  him 
hoping  that  cheap  disk  drives  may 
someday  replace  50-year-old  tape  tech¬ 
nology  in  the  data  center. 

“We  only  need  tape  for  cases  when 
we  can’t  restore  from  disk.  It’s  a  neces¬ 
sary  evil,”  he  says. 

Yet  despite  a  drastic  shift  toward 
low-cost  Advanced  Technology  At¬ 
tachment  disk  arrays  for  backing  up 
business  data,  there’s  no  end  in  site  to 
the  use  of  tape  in  the  data  center  — 
especially  for  archival  storage.  Admin¬ 
istrators  may  complain,  but  tape  still 
has  an  enormous  intalled  base  and  re¬ 
mains  10  to  50  times  less  expensive 
than  disk.  It’s  also  very  secure,  since 
data  stored  off-line  on  removable  me¬ 
dia  is  physically  inacessible  to  hackers 
and  viruses. 

And  vendors  and  analysts  say  evolu¬ 


TAPE 
TECHNOLOGY 


tionary  advances  in  the  basic  technolo¬ 
gy  in  midrange  tape  drive  systems,  im¬ 
provements  in  management  tools,  and 
the  emergence  of  combined  disk/tape 
subsystems  are  likely  to  answer  some 
user  complaints  —  and  keep  tape  tech¬ 
nology  in  data  centers  for  at  least  an¬ 
other  decade. 

Bigger  and  Faster 

Manufacturers  of  the  three  leading 
midrange  tape  drive  technologies  — 
digital  linear  tape  (DLT),  linear  tape- 
open  (LTO)  and  advanced  intelligent 
tape  (AIT)  —  are  preparing  significant 
capacity  and  speed  improvements.  Ad¬ 
vanced  drives,  including  SuperDLT 
(SDLT),  SuperAIT  (S-AIT)  and  LTO 
Ultrium  2  (LTO-2),  are  the  latest  varia¬ 
tions.  Each  uses  half-inch  tape  and  of¬ 
fers  roughly  five  times  the  capacity 
and  performance  of  standard  DLT,  AIT 
and  LTO  tapes  [For  a  more  detailed  ex¬ 
planation  of  these  technologies,  go  to 
QuickLink  40422]. 

For  example,  DLT  was  developed  in 
1986  and  the  average  cartridge  origi¬ 
nally  held  about  96MB  of  data.  SDLT 
today  holds  160GB.  Over  the  next 


decade,  SDLT  will  grow  to  about  2.5TB 
native  capacity  with  250MB/sec. 
throughput.  LTO,  which  derives  its 
name  from  its  open  architecture,  could 
grow  to  10TB  native  capacity  by  2011. 

Vendors  say  1TB  tape  cartridges 
could  appear  as  early  as  next  year. 

Tape  manufacturers  such  as  Quantum 
Corp.,  Certance  LLC  and  Storage  Tech¬ 
nology  Corp.  expect  tape  to  more  than 
meet  future  needs.  That’s  a  tall  order, 
since  the  amount  of  data  produced  by 
the  average  enterprise  is  doubling 
every  year,  according  to  Stamford, 
Conn.-based  Gartner  Inc. 

To  keep  up,  tape  media  will  evolve 
to  have  more  than  1,000  tracks  and  a 
thickness  of  6.9  microns  (about  as 
thick  as  cellophane).  And  it  will  also 
work  with  drives  that  write  on  both 
sides  of  the  tape,  says  Jeff  Laughlin, 
director  of  strategy  for  the  automated 
tape  solutions  unit  at  StorageTek  in 
Louisville,  Colo. 

In  contrast,  StorageTek’s  current 
high-end  tape  drive,  the  proprietary 
T9940B,  uses  200GB,  one-sided  tape 
that  has  576  tracks  and  is  9  microns 
thick.  Laughlin  expects  transfer  rates 
to  keep  up  with  the  larger  capacity 
tapes  as  well.  “There’s  more  money  be¬ 
ing  spent  on  tape  media  research  than 
ever  before  in  history.  You’re  going  to 
see  greater  transfer  rates  at  the  head 
interface,  transfer  rates  of  100GB/sec., 
200GB/sec.,”  he  says. 


Choosing  the  Right  Format 


Will  the  SDLT,  LTO-2  or  S-AIT  tape  drive  tech¬ 
nology  you're  using  today  be  around  tomorrow? 
Most  likely,  vendors  and  analysts  say,  although 
some  users  are  finding  reasons  to  switch  from 
one  format  to  another. 

Even  with  software  advances  in  SDLT,  more 
users  are  buying  LTO-2  drives  these 
days.  Bob  Amatruda,  an  analyst  at 
Freeman  Reports  in  Ojai,  Calif.,  says 
LTO-2  appeals  to  users  because  its 
open  architecture  offers  a  choice  of 
vendors.  Hewlett-Packard  Co.,  IBM  and  Costa 
Mesa,  Calif.-based  Certance  all  manufacture 
LTO-2  products,  whereas  only  Quantum  pro¬ 
duces  DLT  and  SDLT  drives. 

In  July,  Quantum  put  self-diagnosing  intelli¬ 
gence  into  its  SDLT  drives,  a  move  that  analysts 


say  will  help  boost  sales.  Quantum  also  says  it 
has  plans  for  at  least  four  more  incarnations  of 
SDLT,  and  the  vendor  has  31%  of  the  overall 
tape  market  -  more  than  any  of  its  competitors. 

But  John  Pearring,  president  of  StorServer 
Inc.  in  Colorado  Springs,  a  manufacturer  that 
sells  all  three  tape  technologies,  still 
gives  LTO  the  edge.  “LTO  is  open  and 
makes  more  sense,  and  it’s  2006B 
native  [vs.  1606B  for  the  latest  SDLT 
320  drives],”  he  says. 

Deloitte’s  Eric  Eriksen  says  he’s  looking  at 
moving  from  four  HP  tape  libraries,  with  eight 
SDLT  drives  each,  to  a  single  HP  or  ADIC  Scalar 
10K  tape  library  using  LTO  drives  for  greater  ca¬ 
pacity  in  a  smaller  footprint.  He  says  his  decision 
isn’t  being  driven  so  much  by  LT0-2’s  open¬ 


ness,  but  by  its  compression  rates  and  speeds, 
which  -  for  the  moment  -  exceed  those  of 
SDLT.  He  also  says  that  the  new  LTO-2  libraries 
are  more  scalable  than  his  older  system. 

“One  of  the  things  that’s  important  when 
we’re  doing  streaming  across  multiple  tape 
drives  is  to  be  able  to  restore  quickly,”  he  says, 
referring  to  LT0-2’s  200GB  capacity  and 
35MB/sec.  throughput. 

That  doesn’t  matter  to  Phil  Andrews,  director 
of  high-end  computing  at  the  supercomputing 
lab  at  the  University  of  California,  San  Diego.  He 
has  avoided  LTO  Ultrium  because  he  says  it 
lacks  the  track  record  of  reliability  that  he  re¬ 
quires.  “We’ve  looked  at  LTO,  but  we  have  to  be 
conservative  because  we’re  holding  a  lot  of 
people’s  data  here,”  he  says. 

And  while  LTO  has  a  capacity  and  perfor¬ 
mance  edge  over  SDLT  today,  analysts  say  the 


two  tape  technologies  continuously  leapfrog 
each  other  in  capacity  and  throughput,  so  other 
factors  may  be  more  important. 

SDLT  and  LTO-2  may  be  neck  and  neck  in 
speeds  and  feeds,  but  Sony  Electronics  Inc.’s 
S-AIT  leapfrogged  both  with  the  vendor’s  intro¬ 
duction  of  a  500GB,  30MB/sec.  drive  in  De¬ 
cember  -  and  it’s  likely  to  remain  ahead  for 
some  time,  based  on  current  SDLT  and  LTO 
road  maps  (see  graphs,  below). 

S-AIT  also  has  the  edge  in  pricing:  S-AIT 
tape  cartridges  are  $80,  vs.  $120  for  LTO-2  and 
$130  for  SDLT.  Sony  intends  to  develop  and 
support  S-AIT  through  at  least  a  sixth  genera¬ 
tion,  says  Stephen  Baker,  vice  president  of  stor¬ 
age  solutions  at  Sony  in  San  Jose.  But  S-AIT s 
appeal  has  been  limited  because,  as  with  SDLT, 
only  one  manufacturer  produces  the  drives. 

-  Lucas  Mearian 
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Smarter 

Emerging  management  software  that 
can  monitor  the  health  of  tape  drives, 
Fibre  Channel  switch  port  connections 
to  libraries  and  even  the  tape  car¬ 
tridges  themselves  will  help  ensure 
that  users  are  able  to  restore  from  tape, 
more  easily  manage  backups  and  pre¬ 
dict  problems  and  backup  failures, 
vendors  say.  Advanced  Digital  Infor¬ 
mation  Corp.  (ADIC)  and  Quantum, 
for  example,  have  recently  introduced 
native  management  software  tools  on 
their  tape  libary  and  drive  technology. 

ADIC  sells  all  major  tape  cartridge 
technologies  in  its  automated  libraries 
and  tape  autoloaders,  but  Dave  Uvelli, 
an  executive  director  at  the  Redmond, 
Wash.-based  company,  says  he  believes 
cartridge  formats  and  drive  technolo¬ 
gies  are  becoming  irrelevant.  Instead, 
ADIC  is  betting  on  new,  intelligent 
tape  library  systems  that  will  eventual¬ 
ly  provide  detailed  information  on 
drives  and  tape,  whether  it’s  related  to 
a  downed  switch  port,  a  stuck  drive  or 
a  tape  cartridge  that’s  reaching  the  end 
of  its  life. 

One  example  of  archival  intelligence 
is  ADIC’s  Scalar  i2000  tape  library.  In¬ 
troduced  in  early  July,  the  Scalar  i2000 
is  designed  to  eliminate  the  need  for 
an  external  library  control  server. 
Among  other  things,  the  system  can 
send  backup  failure  alerts  via  pager  or 
e-mail,  partition  a  library  into  multiple 
logical  libraries  and  perform  mixed 
media,  performance  and  proactive  sys¬ 
tem  readiness  checks. 

In  July,  San  Jose-based  Quantum  also 
introduced  DLTSage,  a  suite  of  predic¬ 
tive  and  preventative  diagnostic  tools 


that  run  on  its  SDLT  tape  drives  to 
help  ensure  that  backups  have  com¬ 
pleted  successfully.  The  applications 
can  also  tell  administrators  when 
drives  have  reached  critical  thresholds 
for  capacity  and  predict  where  and 
when  errors  may  occur. 

Here  Come  the  Hybrids 

While  disk-to-disk  backup  is  already 
popular,  during  the  coming  year,  man¬ 
ufacturers  plan  to  introduce  more  hy¬ 
brid  systems  that  combine  disk  with 
tape  libraries  in  storage-area  networks 
for  faster  backups  and  restores  and 
easier  archiving.  ADIC,  for  example, 
plans  to  introduce  a  combined 
tape/disk  library  this  month. 

“You  won’t  just  have  tape.  One  could 
imagine  RAID-protected  disk  where 
I/Os  from  the  backup  job  are  complet¬ 
ed  at  [wire]  speed  while  the  [library] 
robot,  through  management  software, 
stages  it  on  tape  drives  for  archival,” 
says  StorageTek’s  Laughlin. 

Ultimately,  however,  scalability  and 
restorability  will  continue  to  be  the 
key  criteria  to  take  into  account  when 
selecting  tape  systems,  says  Deloitte 
Consulting’s  Eriksen.  “We’re  looking 
for  a  single  solution  that  can  cover 
everything,  regardless  of  the  needs  we 
have,”  he  adds.  I 


TAPE  VENDOR  LINKS 

To  get  a  sampling  of  vendor  offerings  for  SDLT. 
S-AIT  and  LTO-2  tape  drives,  go  to  our  Web  site: 

QuickLink  40571 


To  learn  more  on  this  subject,  visit  our  Storage 
Knowledge  Center: 

O  QuickLink  k1700 

www.computerworld.com 


Tape  Gets  Faster. . . 


. . .  As  Cartridge  Capacity 
Grows  to  Terabytes 
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GENOA  II: 

Man  and  Machine 
Thinking  as  One 

Can  software  algorithms  predict  a  terrorist’s 
next  move  before  he  makes  it?  By  Dan  Verton 


Some  of  the 
technology 
shown  in  last 
year’s  block¬ 
buster  movie  Minority  Report 
may  soon  be  a  reality  and  a 
centerpiece  of  the  intelligence 
community’s  war  on  terror¬ 
ism.  In  the  futuristic  thriller, 
Tom  Cruise  played  the  head  of 
a  police  unit  that  uses  psychic 
technology  to  arrest  and  con¬ 
vict  murderers  before  they 
commit  their  crimes. 

Research  into  new  intelli¬ 
gence  technology  is  taking 
place  as  part  of  a  $54  million 
program  known  as  Genoa  II,  a 
follow-on  to  the  Genoa  I  pro¬ 
gram,  which  focused  on  intel¬ 
ligence  analysis. 

In  Genoa  II,  the  Defense 
Advanced  Research  Projects 
Agency  (DARPA)  is  studying 
potential  IT  that  may  not  only 
enable  new  levels  of  collabo¬ 
ration  among  teams  of  intelli¬ 
gence  analysts,  policy-makers 
and  covert  operators,  but 
could  also  make  it  possible  for 
humans  and  computers  to 
“think  together”  in  real  time  to 
“anticipate  and  preempt  ter¬ 
rorist  threats,”  according  to 
official  program  documents. 

“While  Genoa  I  focused  on 
tools  for  people  to  use  as  they 
collaborate  with  other  people, 
in  Genoa  II,  we  also  are  inter¬ 
ested  in  collaboration  be¬ 
tween  people  and  machines,” 
said  Tom  Armour,  Genoa  II 
program  manager  at  DARPA, 
speaking  at  last  year’s  DARPA- 
Tech  2002  conference  in 
Anaheim,  Calif.  “We  imagine 
software  agents  working  with 
humans  . . .  and  having  differ¬ 
ent  sorts  of  software  agents 
also  collaborating  among 
themselves.” 

Genoa  II  may  be  shelved  be¬ 
cause  of  its  central  role  in  the 
controversial  Terrorism  Infor¬ 
mation  Awareness  program, 
but  private-sector  researchers 
say  many  significant  advances 
are  still  possible  and  are,  in 
fact,  already  happening. 

For  example,  private-sector 
researchers  are  studying  cog¬ 
nitive  amplifiers  that  can  en¬ 
able  software  to  model  current 
ituations  and  predict  “plausi¬ 
ble  futures.”  Researchers  are 
also  on  the  verge  of  creating 
practical  applications  to  sup¬ 


port  cognitive  machine  intelli¬ 
gence,  associative  memory, 
biologically  inspired  algo¬ 
rithms  and  Bayesian  inference 
networks,  which  are  based  on 
a  branch  of  mathematical 
probability  theory  that  says 
uncertainty  about  the  world 
and  outcomes  of  interest  can 
be  modeled  by  combining 
common  sense  with  evidence 
observed  in  the  real  world. 

Anticomplexity 

The  goal  of  all  of  this  research 
is  to  find  a  way  to  make  com¬ 
puters  do  the  one  thing  they 
aren’t  very  good  at:  mimicking 
the  human  brain’s  abil¬ 
ity  to  reduce  com¬ 
plexity.  Computers 
are  good  at  doing 
things  like  playing 
chess  but  are  inca¬ 
pable  of “seeing” 
and  deciphering  a 
word  within  an  im¬ 
age.  Biologically  in¬ 
spired  algorithms 
—  the  mathematical 
underpinnings  of 
cognitive  machine 
intelligence  —  could  ° 
change  that. 

“One  way  to  make 
computers  more  in¬ 
telligent  and  lifelike 
is  to  look  at  living 
systems  and  imitate 
them,”  says  Melanie 
Mitchell,  an  associ¬ 
ate  professor  at 
Oregon  Health  & 

Science  University’s 


School  of  Science  &  Engineer¬ 
ing  in  Portland  and  author  of  a 
book  on  genetic  algorithms. 
“People  have  already  done 
that  with  the  brain  through 
neural  networks,  which  were 
inspired  by  the  way  the  hu¬ 
man  brain  works.” 

“In  the  brain,  you  have  a 
huge  number  of  simple  ele¬ 
ments  —  neurons  —  that  are 
either  on  or  off  and  are  work¬ 
ing  in  parallel.  And  in  ways 
that  are  still  fairly  mysterious, 
that  seems  to  collectively  pro¬ 
duce  very  sophisticated  learn¬ 
ing,”  says  Mitchell. 

But  there  are  other  exam¬ 


ples  of  astounding  possibili¬ 
ties,  all  of  which  have  poten¬ 
tial  applications  in  the  war 
on  terrorism.  For  example, 
Mitchell  points  to  ongoing 
studies  in  genetic  algorithms 
that  are  inspired  by  evolution 
—  a  computer  program  that 
evolves  a  solution  to  a  prob¬ 
lem  rather  requiring  a  person 
to  try  to  engineer  one.  Like¬ 
wise,  researchers  are  begin¬ 
ning  to  produce  security  ap¬ 
plications  that  mimic  the  hu¬ 
man  immune  system,  she  says. 

Hurtling  Forward 

Despite  formidable  technolog¬ 
ical  challenges, 
there  have  been 
successes  that 
could  become  real 
products  and  appli¬ 
cations  in  the  next 
12  to  24  months. 

One  of  those  suc¬ 
cesses  has  been  in 
the  development  of 
inference  net¬ 
works. 

“Some  of  the 
core  algorithms  we 
are  working  with 
have  been  around 
for  centuries,”  says 
Ron  Kolb,  director 
of  technology  at 
San  Francisco- 
based  Autonomy 
Inc.,  a  firm  that 
makes  advanced 
pattern-recognition 
and  knowledge  man¬ 
agement  software. 


“It’s  just  now  that  we’re  find¬ 
ing  the  practical  applications 
for  them.” 

For  example,  Autonomy 
uses  a  proprietary  blend  of 
Bayesian  statistics  and  Claude 
Shannon’s  Information  Theo¬ 
ry,  which  says  it’s  possible 
to  separate  critical  elements 
of  information  from  large 
streams  of  audio  data,  to  pro¬ 
duce  algorithms  that  are  mak¬ 
ing  computers  smarter  and 
able  to  learn. 

“We’re  able  to  produce  an 
algorithm  that  says  here  are 
the  patterns  that  exist,  here 
are  the  important  patterns 
that  exist,  here  are  the  pat¬ 
terns  that  contextually  sur¬ 
round  the  data,  and  as  new 
data  enters  the  stream,  we’re 
able  to  build  associative  rela¬ 
tionships  to  learn  more  as 
more  data  is  digested  by  the 
system,”  says  Kolb. 

The  computers  of  tomorrow 
will  also  know  when  two  or 
more  intelligence  analysts  are 
interested  in  or  working  on 
the  same  problem  and  will  au¬ 
tomatically  link  those  analysts 
and  their  data,  he  says. 

In  fact,  many  automotive 
and  aerospace  manufacturers 
have  used  rudimentary  pieces 
of  this  type  of  capability  and 
have  saved  millions  of  dollars 
by  leveraging  developmental 
expertise  across  functional  ar¬ 
eas,  says  Kolb.  Likewise,  such 
computers  could  be  able  to 
spot  a  person  leaving  a  suspi¬ 
cious  bag  at  an  airport  and  au¬ 
tomatically  alert  security. 
“We’re  no  longer  looking  for 
information,  information  is 
looking  for  us,”  Kolb  says. 

But  Grant  Evans,  CEO  of 
A4Vision  Inc.  in  Cupertino, 
Calif.,  and  an  expert  in  cogni¬ 
tive  machine  intelligence  and 
biologically  inspired  algo¬ 
rithms,  says  he  thinks  he  has 
an  idea  of  where  it’s  all  lead¬ 
ing.  “The  algorithms  today, 
particularly  biometric  algo¬ 
rithms,  are  very  intuitive, 
meaning  the  more  you  use 
them,  the  more  they  learn,” 
says  Evans.  “Now  we’re  inte¬ 
grating  cognitive  machine  in¬ 
telligence  in  the  form  of  video 
with  avatars  [3-D  digital  ren¬ 
derings  of  real  people]  that 
can  see  and  track  you.  That’s 
the  computer  of  the  future.”  I 


www.computerworld.com 


TECHNOLOGY 


COMPUTERWORLD  September  1, 2003 


New  Spam  Policy: 
Return  to  Sender 

Kicking  back  suspected  spam  dramatically 
reduces  unwanted  e-mails,  but  not  before 
creating  an  endless  loop  of  confusing 
messages.  By  Vince  Tuesday 


WE’VE  been  trying  to 
control  the  problem 
of  spam,  and  at  long 
last,  we  can  see 
light  at  the  end  of  the  tunnel. 

My  security  team  and  I  al¬ 
ready  use  an  outsourced  ser¬ 
vice  that  identifies  spam  and 
labels  each  message  accord¬ 
ingly.  It  does  a  surprisingly 
good  job,  but  most  users  still 
read  every  spam- 
labeled  message,  even 
though  only  one  in 
10,000  e-mails  is  in¬ 
correctly  marked. 

Last  week,  we  im¬ 
plemented  the  next 
phase:  We  reconfig¬ 
ured  our  e-mail  gateway  to  re¬ 
turn  spam  to  the  sender. 

Now  the  end  user  never 
sees  any  e-mails  identified  as 
spam.  Instead,  we  send  those 
e-mails  back  to  the  return  ad¬ 
dress  and  give  the  sender  in¬ 
structions  on  how  to  be  added 
to  the  “allowed”  list.  This 
process  uses  fax  rather  than 
e-mail,  so  it  costs  senders  time 
and  effort.  But  we  figure  that 
if  they  are  legitimate  business 
users,  they’ll  follow  this  sim¬ 
ple  process. 

Just  over  half  of  our  daily 
e-mail  is  spam,  so  returning  it 
saves  enormous  amounts  of 
disk  space  and  e-mail  server 
processing  power. 

A  Rare  Thank  You 

Seven  days  into  using  the  new 
system,  it’s  working  like  a 
dream.  We’ve  had  no  com¬ 
plaints,  and  a  handful  of  users 
even  phoned  to  say  thank  you 
—  a  pretty  rare  experience  for 
my  team. 

We’ve  sent  back  hundreds 
of  thousands  of  messages,  and 
only  one  sender  asked  to  be 


added  to  our  allowed  list. 
That’s  a  near-perfect  record. 

But  we’ve  had  some  prob¬ 
lems.  Here’s  one:  We  send  our 
returned  messages  from  a  spe¬ 
cial  not_read@company.com 
e-mail  address.  We  were  ini¬ 
tially  worried  that  by  doing  so 
we  might  inadvertently  create 
e-mail  loops. 

Some  of  the  spam  comes 

from  semilegitimate 
companies  that  use 
a  genuine  source  ad¬ 
dress  and  have  an 
autoreply  on  that 
address.  We  worried 
that  our  returned 
spam  would  cause 
them  to  send  us  an  autoreply 
that  would  be  marked  as  spam 
and  returned  to  them,  which, 
of  course,  they  would  reply  to 
with  another  message  that  we 
thought  was  spam  and  so  on. 
So  we  put  in  a  rule  that  if  the 
incoming  e-mail  is  addressed 
to  not_read@company.com 
and  is  marked  by  the  antispam 
company  as  spam,  then  our 
rule  discards  it  instead  of 
sending  another  alert. 

Since  it’s  likely  that  many 
of  the  return  addresses  on 
spam  e-mails  are  fake  and 
that  innocent  users  will  re¬ 
ceive  our  replies,  we  made 
sure  our  responses  were  po¬ 
lite.  In  fact,  half  the  messages 


Our  antispam  sys¬ 
tem  had  spammed 
our  own  e-mail 
administrators. 


we  returned  bounced.  This 
means  that  the  not_  read  ac¬ 
count  gets  pretty  busy.  But  af¬ 
ter  this  week  of  bedding  in,  we 
really  won’t  read  messages 
sent  to  it.  Instead,  we  will  just 
delete  them. 

We  thought  we  had  covered 
all  the  fairly  obvious  problems 
pretty  well,  but  we  hadn’t 
thought  of  everything.  I  was 
surprised  to  come  in  one  day 
to  find  that  the  team  that  mon¬ 
itors  the  postmaster  e-mail  ac¬ 
count  was  unhappy  with  us. 

Endless  Autoreplies 

Our  system’s  autoreply  to  a 
spam  from  an  online  catalog 
vendor  had  received  a  reply 
from  that  vendor’s  autoreply 
system,  and  our  postmaster 
account  had  received  tens  of 
thousands  of  messages 
overnight.  It  seemed  that 
somehow  we  had  created  a 
loop  that  included  the  post¬ 
master  account. 

As  with  most  Web  sites,  our 
postmaster  account  is  read  by 
a  real  person.  This  gives  ad¬ 
ministrators  a  way  to  contact 
other  administrators  to  trou¬ 
bleshoot  problems  with  the 
e-mail  system  itself. 

In  our  case,  for  some  reason 
the  postmaster  account  had 
replied  to  every  message  sent 
to  not_read,  and  that  account 
was  getting  autoreplies  back 
from  the  online  catalog  com¬ 
pany.  But  the  not_read  ac¬ 
count  wasn’t  receiving  any  of 
these  messages,  so  it  was  diffi¬ 
cult  for  us  to  investigate. 

We  looked  into  all  kinds  of 
bizarre  theories.  Perhaps  our 
e-mail  was  being  spoofed  by  a 
spammer  to  get  back  at  us? 
Perhaps  our  outsourced  ser¬ 
vice  was  blocking  them  be¬ 
cause  of  the  number  of  mes¬ 
sages  to  and  from  this  ac¬ 
count?  It  was  frustrating.  Then 
I  began  to  think  about  why  an 
e-mail  in-box  wouldn’t  have 
any  new  mail  in  it.  I  asked  the 


team,  and  one  of  them  sug¬ 
gested  that  it  might  be  full. 

I  could  only  laugh,  because 
that  was  the  sort  of  question 
we  should  have  asked  at  the 
beginning,  not  after  we  had 
wasted  our  time  investigating 
wild  theories.  The  not_read 
mailbox  had  filled  up  with 
all  the  rubbish  being  re¬ 
turned,  and  the  postmaster 
account  was  returning  every 
subsequent  e-mail  sent  to 
not_read  to  the  sender.  But 
every  message  returned  to 
the  catalog  company  received 
an  autoreply  to  the  postmas¬ 
ter  account. 

Once  we  deleted  all  the  old 
messages  in  not_read,  we 
stopped  the  problem.  But  it 
was  a  bit  embarrassing  to 
know  that  our  antispam  sys¬ 
tem  had  spammed  our  own 
e-mail  administrators. 

I  do  feel  guilty  about  push¬ 
ing  the  problem  of  sorting 
through  the  spam  back  onto 
the  sender.  It  would  be  better 
if  everyone  was  civilized  and 
we  could  trust  them  to  send 
only  things  we  want.  But  we 
have  to  pay  to  receive  spam 
that  uses  up  our  network 
bandwidth,  e-mail  server  re¬ 
sources  and  the  recipient’s 
time,  so  I  feel  justified  in  forc¬ 
ing  the  senders  of  e-mails 
that  look  like  spam  to  jump 
through  a  few  hoops. 

A  handful  of  spam  messages 
still  get  through  each  day.  And 
already,  our  users  have  accli¬ 
mated  to  the  dramatically  low¬ 
er  levels  of  spam  and  are  com¬ 
plaining  that  even  this  re¬ 
duced  level  is  unacceptable. 
It’s  good  that  we’re  being 
pushed  to  always  improve,  but 
I  hope  we  can  convince  users 
that  this  current  level  of  con¬ 
trol  is  right  for  the  issues  that 
spammers  pose  now.  Maybe, 
just  maybe,  it  will  hold  until 
new  laws  are  passed  and  en¬ 
forced  and  spamming  finally 
drops  away.  I 

WHAT  DOYOU  THINK? 

This  week's  journal  is  written  by  a  real 
security  manager,  “Vince  Tuesday,"  whose 
name  and  employer  have  been  disguised 
for  obvious  reasons.  Contact  him  at  vince. 
tuesday@hushmail.com,  or  join  the  dis¬ 
cussion  in  our  forum:  QuickLink  a1590 

To  find  a  complete  archive  of  our 
Security  Manager’s  Journals,  go  online  to 
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Security  Bookshelf 

Rea! 802.11 Security:  Wi-Fi 
Protected  Access  and 802. 11i, 
by  Jon  Edney  and  William  A. 

Arbaugh,  Addison- 
Wesley,  2003. 

The  promise  of 
wir  eless  LANs 
has  been  delayed 
by  inadequate 
security  technol¬ 
ogy  to  the  point 
where  WLANs 
have  become 
synonymous  with  \  . 

security  weaknesses.  This 
book  explains  what’s  wrong 
with  the  Wired  Equivalent  Pri¬ 
vacy  protocol  and  what  the  in¬ 
dustry  has  done  to  fix  the  ma¬ 
jor  problems  in  introducing  the 
standards  Wi-Fi  Protected  Ac¬ 
cess  and  802.11i,  which  speci¬ 
fies  the  use  of  the  Temporal 
Key  Integrity  Protocol  and  the 
Advanced  Encryption  Stan¬ 
dard.  This  book  provides  su¬ 
perbly  detailed  guides  to  build¬ 
ing  wireless  services  securely 
and  includes  a  fully  working 
example  using  free  software. 

This  is  a  good  handbook  for 
WLAN  administrators  who 
want  to  avoid  the  security  pit- 
falls  that  have  hampered  wire¬ 
less  networks  so  far. 

-  Vince  Tuesday 

Device  Provides 
Key  Storage  for 
Windows  2003 

NCipher  PLC,  a  Cambridge, 
England-based  security  firm 
with  U.S.  headquarters  in 
Woburn,  Mass.,  last  week  up¬ 
graded  its  line  of  hardware- 
based  cryptographic  key  man¬ 
agement  products  with  a  new 
device  featuring  support  for 
Microsoft  Corp.’s  Windows 
Server  2003.  The  product  is 
compliant  with  the  Federal  In¬ 
formation  Processing  Stan¬ 
dard  (140-2)  and  will  give 
users  a  tamper-resistant  envi¬ 
ronment  for  storing  and  man¬ 
aging  cryptographic  keys  used 
to  secure  Windows  Server 
2003  and  .Net  environments, 
nCipher  says.  The  company’s 
boxes  range  in  price  from 
$5,800  to  $19,500. 


Digital  Document 
Security  and  IT: 
Everything  you 
need  to  know. 

What  are  the  most  significant 
•  digital  copier  security  issues? 

Am  Various  copier  print  controllers 
•  are  actually  servers  that  queue 
and  permanently  store  multiple 
document  files,  providing  administrator 
access  to  the  documents.  At  a 
minimum,  most  digital  copiers  retain 
the  last  document  processed;  some 
even  retain  multiple  documents 
totaling  hundreds  of  pages.  Others 
redirect  print  jobs  when  the  printer  is 
busy  or  jammed,  making  "denial  of 
service"  attacks  possible. 

Q#  How  does  Sharp  protect  the 
•  network  interface? 

Am  The  Sharp  Ethernet  card  allows 
•  administrators  to  restrict 
access  and  disable  unnecessary 
protocols.  With  this  network  card,  the 
Sharp  digital  copier  is  essentially 
protected  by  its  own  firewall. 

Q#  How  can  you  be  sure  that 
•  security  products  actually 
perform  as  claimed? 

A#  The  Common  Criteria 

•  program — administered  by 
the  U.S.  National  Security  Agency  and 
the  National  Institute  of  Standards 
and  Technology — evaluates  security 
solutions.  Products  that  are  validated 
under  the  program  meet  security 
levels  consistent  with  ISO  1 5408 
methodology. 

Q#  How  can  Sharp  improve  IT 
•  security? 

A#  Sharp  offers  print  privacy 
•  solutions  designed  to  restrict 
unauthorized  personnel  from  seeing 
confidential  materials.  Copier  access 
can  be  controlled  and  monitored, 
while  documents  retained  in  printer/ 
copier/scanner/fax  memory  are 
immediately  cleared  to  eliminate 
unauthorized  access. 
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PAUL  A.  STRASSMANN 

The  Curse  of 
IT  Infrastructure 


IN  JULY,  the  General  Accounting  Office  pub¬ 
lished  what  I  consider  a  rare  insight  into  IT 
spending.  The  agency  broke  down  the  $26  bil¬ 
lion  Department  of  Defense  IT  budget  into 
the  following  categories:  business  systems, 
$5.2  billion;  business  infrastructure,  $12.8  billion; 
mission  support  (including  its  own  separate  infra¬ 
structure),  $8  billion. 

Less  than  half  of  the  total  cost  is  accounted  for  by 
the  share  of  spending  that  directly  and  visibly  sup¬ 
ports  users.  The  lion’s  share  goes  toward  the  “infra¬ 
structure”  —  the  hole  from  whence  bugs,  disruptions 


and  mysterious  failures 
come. 

Here  we  have  an  audit 
confirming  what  I  have 
seen  creeping  up  on  IT 
for  more  than  20  years:  It 
isn’t  the  applications  but 
the  need  to  support  a 
costly  infrastructure  that 
has  been  dampening  the 
funding  for  technological 
innovation. 

You  can  always  get 
votes  for  adding  another 
attractive  application.  But 
hardly  anybody  will  sign 
up  to  support  an  infra¬ 
structure  that  may  be  serving  cus¬ 
tomers  who  aren’t  paying  their  way. 
Selling  tickets  for  seats  in  fancy  rail 
cars  was  always  easy.  Finding  money 
to  pay  for  the  track,  switches,  signal 
equipment  and  the  fuel  depot  was  al¬ 
ways  much  harder. 

The  root  cause  of  IT  failures  and 
excessive  IT  costs  in  large  organiza¬ 
tions  lies  in  rickety  infrastructures 
put  in  place  one  project  at  a  time. 
What  you  usually  have  in  large  orga¬ 
nizations  is  not  a  secure,  low-cost 
and  reliable  infrastructure  but  a 
patchwork  of  connections  cobbled 


together  without  suffi¬ 
cient  funding  and  rushed 
to  completion  without 
sufficient  safeguards. 

The  currently  fashion¬ 
able  approach  is  to  im¬ 
pose  centrally  dictated 
“architectures”  to  cure 
the  pains  from  incompat¬ 
ible  and  redundant  sys¬ 
tems.  Such  architectures 
are  just  another  way  of 
achieving  order  through 
centralization  and  con¬ 
solidation.  Unfortunate¬ 
ly,  under  rapidly  chang¬ 
ing  conditions,  such  a 
cure  may  be  worse  than  the  original 
disease. 

Invariably,  centralization  involves 
the  awarding  of  a  huge  outsourcing 
contract  to  a  vendor  for  whom  a  crit¬ 
ical  piece  of  the  infrastructure  is 
carved  out,  such  as  the  management 
of  desktops.  Associated  servers, 
switches  and  data  centers  may  also 
be  included  in  the  IT  territory  ceded 
to  the  outsourcer,  while  the  resident 
IT  bureaucracy  always  keeps  tight 
control  of  a  few  fatally  critical  com¬ 
ponents  in  order  to  retain  its  ab¬ 
solute  power. 


PAUL  A.  STRASSMANN 
(paul@strassmann.com) 

has  concluded  that  the 
best  way  of  presenting  a 
business  case  for  IT 
investments  is  to  make 
if  a  discretionary 
variable  expense. 


This  approach  to  fixing  infrastruc¬ 
ture  deficiencies  is  flawed  because 
the  sequence  for  fixing  a  broken  set¬ 
up  is  backward.  Contracting  for  an 
infrastructure  should  be  the  last  — 
not  the  first  —  step  in  putting  im¬ 
proved  systems  in  place. 

First,  IT  managers  should  focus  on 
determining  which  applications 
must  be  delivered  immediately.  The 
reliability,  affordability  and  timing  of 
application  services  will  dictate 
which  one  of  the  many  conceivable 
infrastructures  would  work  best  to 
solve  high-priority  problems. 

Second,  the  organization’s  man¬ 
agement  structure  and  business 
goals  must  be  set.  I  don’t  see  how 
one  can  get  funding  for  overhauling 
infrastructure  as  a  separate  invest¬ 
ment.  As  a  credible  business  case, 
such  investments  offer  notoriously 
sterile  ground.  Infrastructures  must 
be  designed  so  that  each  step  can  be 
financed  with  incremental  funding. 
Such  economics  make  outsourcing 
of  infrastructure  services  to  a  com¬ 
puting  “utility”  the  preferred  solu¬ 
tion.  The  recent  huge  wins  by  a  com¬ 
puter  services  firm  offering  “on-de¬ 
mand”  usage  pricing  is  a  good  sign 
that  customers  are  ready  to  buy 
computing  “by  the  quart”  instead  of 
owning  a  farm. 

Third,  a  feasible  transition  plan  for 
legacy  applications  must  be  devel¬ 
oped  and  tested  prior  to  making  the 
least  risky  technical  choices. 

Only  after  the  completion  of  this 
sequence  would  it  be  safe  to  proceed 
with  outsourcing.  Precipitous  con¬ 
tracting  for  infrastructure  services  is 
only  for  the  hasty  and  the  impatient 
(who  will  be  long  gone  when  the  au¬ 
ditors  finally  show  up).  I 


WANT  OUR  OPINION? 

OFor  more  columns  and  links  to  our  archives,  go  to 

www.computerworld.com/opinions 


V 


j 

I 


^T^qTj 


l^S 


rn£j°' 


^Trends  in  Proprietary  Information  Loss  Survey  (ASIS  2002).  ©2003  Sharp  Electronics  Corporation. 


How  secure  is  your  digital  information? 


Protect  your  information  with  the  Data  Security 
Kit  from  Sharp.  Financial  facts,  personnel  records, 
customer  lists:  networked  copiers/printers  process 
sensitive  information  every  day.  Unfortunately,  their 
hard  drives  can  also  be  accessed  via  the  network, 
contributing  to  $60  billion  worth  of  information 
theft  every  year.*  To  protect  this  weak  link  in  your 


%  Common  Criteria 


corporate  security,  we've  created  our  Data  Security 
Kit.  It's  the  first  copier  and  printer  protection  to 
be  validated  by  Common  Criteria,  a  government- 
sponsored  program,  and  it's  available  only  with 
our  Digital  IMAGER™  series  of  copiers/printers. 
Sharp's  Data  Security  Kit.  Enhanced  information 
protection  at  your  fingertips,  sharpusa.com/security 
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Did  you  knowthatsomeofour 

BEST  STORAGE  PRODUCTS  COME 
ON  A  DIFFERENT  KIND  OF  DISK? 


where  information  lives 


OUR  SOFTWARE  GIVES  YOU  SOME 
VERY  SMART  CHOICES. 


To  manage  complexity,  you’ve  got  to  outsmart  it.  EMC  Automated  Networked  Storage™  delivers  the 
software  that  automates  management  of  your  multi-vendor  storage  infrastructure,  including  the  most 
enor-prone  tasks  such  as  monitoring  and  provisioning.  Now  you  can  gain  a  unified,  end-to-end  view  ofyour 
entire  environment.  Define  your  service  levels.  And  run  an  agile,  active  infrastructure  that  helps  the  busi¬ 
ness  pounce  on  opportunity. 

See  how  other  companies  are  using  EMC  Automated  Networked  Storage  to  manage  more 
information  with  less  effort  at  www.EMC.com. 


EMCJ  and  EMC  are  registered  trademarks  and  EMC  Automated  Networked  Storage  and  where  information  lives  are  trademarks  of  EMC  Corporation.  ©2003  EMC  Corporation.  All  rights  reserved. 
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Global  Toolbox 

Business  Rules  Come  First 

Managers  try  various  tools  — 

Don’t  start  an  IT  project  without  a  clear  set  of 

including  videoconferencing 

written  rules  about  the  way  your  company 

and  distributed  software  — 

conducts  business,  advises  Ronald  G.  Ross  in 

to  help  keep  tabs  on  offshore 

this  excerpt  from  Principles  of  the  Business 

contractors.  Page  29 

Rule  Approach.  Page  30 

QUOTE  OF  THE  WEEK 


MThe  technology  that  you 
create  bears  the  marks  of 
your  team  just  as  a  stone  ax 
shows  the  marks  of  an  ancient 
flintknapper. 


-  Paul  Glen,  Computerworld  contributing 
columnist  and  principal  of  C2  Consulting. 


Bootleg  IT 
projects  are  going  on 
behind  your  back. 
Here’s  how  to  cope. 

BY  GARY  H.  ANTHES 


C 10  JOSEPH  PUGLISI  says  he  had  no  idea  the  IT 
project  was  going  on.  And,  he  says,  the  Emcor 
Group  Inc.  business  unit  installing  the  ERP  pack¬ 
age  had  no  idea  it  had  selected  a  product  that 
Puglisi  had  earlier  reviewed  and  panned.  “Ulti¬ 
mately,  the  project  was  a  disaster,”  he  says. 

“It  was  all  done  under  the  radar,”  Puglisi  ex¬ 
plains.  “They  spent  more  than  a  year  fumbling 
along  trying  to  make  it  behave  in  a  way  that  would 
suit  their  business.  Finally,  they  did  ask  for  corpo¬ 
rate  guidance,  but  they  had  to  get  on  bended  knee 


and  plead  for  funding  to  displace  that  failed  imple¬ 
mentation  effort.” 

It  might  have  been  otherwise  at  the  Norwalk, 
Conn.-based  construction  and  facilities  management 
company.  “Had  they  come  to  us,  we  would  have  said, 
‘Here  are  the  choices  that  we  think  are  contenders,’  ” 
Puglisi  says.  “We’d  have  helped  them  choose  one, 
helped  write  the  scope  of  work,  identified  consul¬ 
tants,  identified  hardware  and  generally  played  a  sig¬ 
nificant  advisory  role.” 

Systems  projects  done  without  the  knowledge  or 
oversight  of  the  IT  organization,  so-called  rogue  proj¬ 
ects,  may  spring  up  because  users  see  IT  as  a  source 
of  red  tape  or  excessive  cost.  Or  because  they’re  look¬ 
ing  for  temporary  or  quick-and-dirty  systems  that 
they  see  as  low-risk.  Or  they  don’t  see  the  IT  implica¬ 
tions  of  what  appear  to  be  non-IT  projects.  Whatever 
the  reason,  rogue  projects  often  have  unintended 
consequences.  Things  can  get  hurt  —  budgets,  sched¬ 
ules,  business  unit  operations,  careers  and  some¬ 
times  the  corporate  systems  that  IT  does  maintain. 

Most  IT  executives  admit  that  rogue  projects  go  on 
in  their  companies  (see  Computerworld  survey,  next 
page),  but  there’s  considerable  disagreement  as  to 
whether  the  practice  should  be  snuffed  out  or  facili¬ 
tated.  In  any  case,  CIOs  employ  a  wide  range  of 
strategies  for  dealing  with  these  bootleg  projects. 

Not  Enough  Cops 

David  Swartz,  CIO  at  George  Washington  University 
in  Washington,  says  rogue  projects  aren’t  all  bad.  The 
danger  comes,  he  says,  when  a  small,  isolated  system 
grows  into  an  enterprise  application  without  the 
careful  stewardship  of  IT. 

It  all  started  innocently  enough  at  the  school, 
Swartz  says.  An  administrative  department  asked 
AT&T  Corp.  to  develop  a  debit  card  system  that  stu¬ 
dents  could  use  to  buy  meals  and  other  things.  IT 
wasn’t  involved.  Soon  someone  realized  that  the  card 
system  could  be  expanded  to  control  access  to  park¬ 
ing,  and  then  access  to  buildings.  “More  and  more 
user  departments  piled  on,  and  it  became  an  enter¬ 
prise  application,”  Swartz  says. 

At  least  he  saw  it  coming.  “I  reviewed  their  proce¬ 
dures  and  controls.  They  had  no  backup,  no  redun¬ 
dancy.  If  the  server  failed,  guess  what  —  not  only  can 
you  not  get  into  the  parking  lot,  you  can’t  get  into  the 
building,  and  you  can’t  buy  food.  The  university 
shuts  down.” 

Based  on  that  review,  Swartz  persuaded  the  univer¬ 
sity  to  give  him  the  back  end  of  the  system,  the  oper¬ 
ational  side.  But  before  he  could  put  in  his  controls 
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The  vast  majority  of  the  108 
IT  professionals  surveyed  said 
rogue  IT  projects  and  unautho¬ 
rized  products  are  a  fact  of  life 
in  corporate  America, 

ns  80%  said  there  are  computer  proj¬ 
ects  under  way  in  their  companies  that 
don’t  involve  the  IT  department. 

a  58%  said  their  companies  have 
policies  that  bar  significant  IT  projects 
from  being  undertaken  without  IT  de¬ 
partment  approval  or  control. 

■  86%  said  IT  products  are  being 
installed  in  their  companies  without 
the  authorization  or  support  of  the  IT 
department. 

METHODOLOGY:  Computerworld 
solicited  responses  to  an  online  sur¬ 
vey  from  Aug.  5  to  Aug.  10, 2003.  A 
total  of  108  completed  surveys  were 
collected.  Respondents  came  from 
both  management  (38%)  and  tech¬ 
nical  staff  (51%)  areas  of  IT,  as  well 
as  contracting/consulting  (11%). 


IT  projects  done  outside  the 
IT  department  tend  to  be: 


Successful 


Unsuccessful 


NOTE:  106  responses  to  this  question;  total 
doesn't  equal  100%  because  of  rounding. 
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What  types  of  unauthorized 


SftS 


products  are  being  installed? 

PC  software 

32% 

PC  hardware 

24% 

Linux 

15% 

Wireless 

15% 

Apple/Macintosh 

6% 

Other 

8% 

NOTE:  Multiple  responses  allowed 

and  protections,  the  server  did  go 
down  and  stayed  down  for  a  day.  “They 
had  to  station  policemen  in  all  the 
buildings,”  Swartz  says.  “But  we  have 
80  buildings,  and  there  weren’t  enough 
police,  so  we  had  to  station  other  em¬ 
ployees  to  guard  the  buildings.” 

And  that  wasn’t  the  end  of  it.  Prob¬ 
lems  persisted  because  the  user  de¬ 
partments  had  kept  the  application 
development  side  of  the  system.  “They 
upgraded  the  software  without  testing 
it,  and  that  caused  all  kinds  of  outages 
and  problems,”  Swartz  says.  “Now  they 
are  moving  the  application  side  to  us 
as  well.” 

In  the  wake  of  that  debacle,  senior 
university  management  decreed  that 
a  policy  on  rogue  IT  be  developed. 
Among  other  things,  it  will  stipulate 
that  any  application  that  spans  more 
than  one  department  must  be  owned 
by  central  IT,  Swartz  says. 

The  Phase  Matters 

John  Ounjian,  CIO  at  Blue  Cross  and 
Blue  Shield  of  Minnesota,  looks  not  so 
much  at  the  organizational  scope  of  an 
IT  project  as  whether  it’s  in  the  assess¬ 
ment,  design  or  development  stage. 
Users  may  conduct  the  assessment 
phase  of  a  project,  even  a  large  and 
complex  one,  on  their  own.  But  in  the 
later  phases  of  a  project,  even  a  tiny 
one  such  as  the  installation  of  a  single 
PC,  IT  must  be  involved. 


“I  have  a  higher  tolerance  for  rogue 
projects  in  the  assessment  phase,” 
Ounjian  says.  “IT  shouldn’t  be  so  para¬ 
noid.  The  business  area  really  has  the 
accountability  in  terms  of  what  needs 
to  be  done,  and  IT  has  the  accountabil¬ 
ity  for  how  it’s  implemented.” 

Geisinger  Health  System  in  Danville, 
Pa.,  has  largely  mitigated  the  risks 
from  bootleg  projects  by  placing  IT 
staffers  in  the  user  departments  where 
these  projects  might  occur.  “We  have 
people  who  support  laboratory  sys- 


The  IT  shop  at  J.R.  Simplot  Co.,  a  $3  bil¬ 
lion  agribusiness  concern  in  Boise,  Idaho, 
often  allows  other  departments  to  under¬ 
take  IT  projects.  That  can  happen  if  the  IT 
department  doesn’t  have  the  resources 
needed  at  the  time  or  when  the  system 
draws  on  expertise  uniquely  available  in 
some  other  business  unit,  according  to 
CIO  Roger  Parks. 

Here  are  some  examples: 

■  The  company’s  online  wholesale 
food  shop,  SimplotFoods.com,  was  de¬ 
veloped  by  the  marketing  department 
and  a  Web  development  company. 

■  People  with  IT  experience  in  Food 
Group  Plant  Operations  are  developing  a 
manufacturing  management  system. 


terns  in  the  same  physical  location  as 
the  laboratory  management  people. 
Same  for  radiology,  same  for  the  busi¬ 
ness  office,”  says  CIO  Frank  Richards. 

That’s  a  good  model  for  a  company 
with  a  lot  of  specialized  equipment 
with  hooks  into  IT,  Richards  says.  “The 
business  units  have  learned  over  the 
years  that  it’s  better  to  have  us  in¬ 
volved  upfront,  because  sooner  or  lat¬ 
er,  they  are  going  to  want  to  connect 
whatever  it  is,  such  as  a  piece  of  radiol¬ 
ogy  equipment,  to  the  network,  and 
they  can’t  do  that  without  us,”  he  says. 

Richards  says  a  department  recently 
wanted  to  buy  a  physician-reporting 
system  but  hadn’t  worked  closely  with 
central  IT.  “We  said,  ‘No,  no,  no,  we 
really  have  to  go  through  a  process 
here,  do  a  needs  assessment,  look  at 
the  ROI  and  look  at  how  it  fits  into 
your  workflow.’” 

Indeed,  workflow  turned  out  to  be 
a  problem.  The  system  would  have 
greatly  reduced  the  time  it  took  an  ex¬ 
amining  physician  to  create  diagnostic 
reports,  “but  they  didn’t  have  the  staff 
to  turn  the  rooms  fast  enough  to  get 
the  doctor  to  see  the  next  patient,” 
Richards  explains.  “It  was  very  eye¬ 
opening  for  them  to  realize  that  even 
though  we  don’t  know  clinically  what 
they  do,  we  understand  workflow  and 
can  help  them  translate  that  into  what 
the  system  will  and  won’t  do.” 

Times  Are  Changing 

Greg  Schueman,  chief  technology  offi¬ 
cer  at  Mercury  Insurance  Group  in  Los 
Angeles,  says  the  definition  of  rogue 
technology  is  changing,  and  IT  depart¬ 
ments  should  change  with  it. 

“Having  IT  be  the  absolute  gate¬ 
keeper  and  owner  over  everything  isn’t 


■  The  human  resources  department 
oversaw  the  outsourcing  of  a  learning 
management  system. 

■  IT  personnel  in  AgriBusiness  Plant 
Operations  developed  plant-specific  envi¬ 
ronmental,  health  and  safety  systems. 

■  AgriBusiness  subject-matter  experts 
and  on-site  IT  people  developed  a  system 
to  extract  and  analyze  maintenance  and 
procurement  performance  metrics  from 
the  company’s  ERP  system. 

Parks  says  he  has  succeeded  in  help¬ 
ing  even  geographically  scattered  users 
by  publishing  IT  standards  for  all  users  in 
areas  such  as  databases,  query  tools, 

PCs,  servers  and  e-mail. 

-  Gary  H.  Anthes 


When  Rogue  Is  Right 


Chris  Tucci  says  he  had  to  resort 
to  trickery  to  get  IT  requests  past 
the  central  IT  department.  “If  we 
knew  they’d  approve  a  printer,  for 
example,  then  we’d  spec  out  a 
computer  as  ‘printer-support 
equipment.’  Sometimes  you  have 
to  run  a  smoke  screen  to  support 
your  objectives.” 

Tucci  was  a  contractor  hired  by 
end  users  at  Idaho  National  Engi¬ 
neering  Laboratory  in  Idaho  Falls, 
and  his  objective  was  to  meet  his 
users’  needs,  no  matter  what. 

“We  had  customers  coming  to 
us  and  saying,  ‘I  need  to  do  this,’ 
and  we’d  approach  the  on-site  IT 
people  and  they’d  say,  ‘We  can 
look  at  it,  but  it  will  take  months 
to  get  funding,’  ”  Tucci  says.  “So 
we’d  do  any  work-around  we 
could.” 

Sometimes,  the  resident  IT 
group  found  out  about  those  rogue 
projects.  “Bent  noses  were  com¬ 
mon,”  Tucci  acknowledges.  “But 
eventually  they  got  over  it  because 
instead  of  saying,  ‘Ha-ha,  we  one- 
upped  you,’  we’d  invite  them  in. 
We’d  tell  them  what  we  were  do¬ 
ing  and  how  it  was  done,  and  they 
might  be  able  to  use  it  in  other 
departments.” 

-  Gary  H.  Anthes 


going  to  work  in  the  future,  because 
other  executives  are  going  to  develop  a 
lot  of  expertise  in  these  areas,”  he  says. 
“When  I  look  at  the  IT  of  the  future,  it 
really  becomes  a  lot  more  of  a  compe¬ 
tency  center  for  program  management, 
contract  management,  relationship 
management.” 

For  example,  Schueman  says,  the  IT 
shop  should  apply  its  special  skills  in 
IT  contract  negotiations.  He  says  he 
recently  delayed  a  project,  “while  the 
user  was  champing  at  the  bit,”  in  order 
to  better  negotiate  with  a  vendor.  “By 
waiting,  we  were  able  to  save  several 
hundred  thousand  dollars,”  he  says. 

So  what  should  CIOs  do  when  they 
discover  rogue  IT  projects  in  their 
companies?  Says  Emcor’s  Puglisi, 

“Take  a  look  at  yourself  and  try  to  un¬ 
derstand  why  it  would  happen.  Per¬ 
haps  they  had  a  bad  experience  with 
your  staff,  or  with  you,  or  maybe  they 
don’t  know  about  you.”  N 
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Don’t  get  stung  by  end-user  departments  that  negotiate 
contracts  with  application  service  providers: 
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and  Management 


Logged  in  Buyer,  Zeke  Derby.  Loo  Out  Change  View  :  admin 


RFXs 

Create  and  submit  RFXs  and 
evaluate  and  select  proposals 

Master  Service  Agreements 
View  master  service  agreement 
deteils 


Procure  and  Manage 


Service  Engagements 


Requisitions 

Create  and  send  requisitions  for 
approval 

Projects 

Create,  activate,  and  manage 
projects 

Service  Agreements 

Create,  award,  and  manage  service 

agreements 


Contingent  Labor 


Contractor  Requests 
Create  contractor  requests  and 
evaluate  and  select  candidates 

Work  Orders 

Publish,  approve,  and  manage 
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Invoices 

Manage  PO’s,  invoices,  and  time 
and  expanse 


Suppliers 


Supplier  Management 

Create,  activate,  and  manage 
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ELANCE  software  can  manage  service-level  agreements  and  invoices,  consolidate  message  traffic 
and  analyze  spending  patterns.  Both  the  client  and  contractor  need  to  install  the  software  -  but 
contractors  tend  to  go  along  as  a  contingency  for  getting  paid,  Elance  officials  say. 


SHAPE  THE  PROCESS  for 
managing  an  offshore 
IT  operation  into  a 
pyramid,  and  at  the  top 
are  personal  visits.  Di¬ 
rectly  below  that  are 
videoconferences,  fol¬ 
lowed  by  telephone 
calls,  e-mail,  instant  messaging  and  dis¬ 
tributed  software  development  tools. 

At  the  bottom  are  daily,  weekly  and 
monthly  reports. 

One  person  who  has  used  many  of 
those  pyramid  levels  is  Rao  Vellanki, 
operations  manager  at  Best  Buy  Co. 
Vellanki  moved  from  India  to  the  U.S. 
in  1977  at  the  age  of  24  and  lives  in  the 
Minneapolis  area.  But  last  year,  he  re¬ 
turned  to  India  for  a  two-year  assign¬ 
ment  to  manage  Best  Buy’s  offshore 
development  in  Chennai. 

The  Richfield,  Minn.-based  electron¬ 
ics  retailer  has  several  hundred  devel¬ 
opers  in  India,  many  with  outsourcer 
Wipro  Ltd.,  to  handle  the  management 
and  development  of  more  than  500 
applications. 

Vellanki  relies  on  a  variety  of  meth¬ 
ods  to  communicate  with  the  home 
office,  but  one  important  tool  is  video- 
conferencing.  “There  is  no  question, 
in  my  view,  that  seeing  the  faces  adds 
to  the  effectiveness  of  communica¬ 
tions,”  he  says.  Vellanki  adds  that 
videoconferencing  technology  needs 
to  improve,  but  it  does  the  job.  “The 
personal  touch  is  there,  the  integrity  is 
there  —  even  though  it’s  only  an  intan¬ 
gible,  we  find  it  unavoidable,”  he  says. 

Manage  Your  Contractors 

There  are  tools  and  techniques  for 
managing  every  aspect  of  offshore 
work.  For  instance,  Fieldglass  Inc.  in 
Chicago  has  software  for  procuring 
and  managing  contract  IT  labor.  And 


Elance  Inc.  in  Sunnyvale,  Calif.,  has 
software  for  procuring  services  and 
managing  the  contractual  relationship. 
Elance’s  software  automates  the  tasks 
of  contract  compliance  and  payment 
schedules:  If  the  contractor  hits  the 
milestones,  it  gets  paid;  if  it  doesn’t, 
there  are  financial  penalties. 

On  the  more  nitty-gritty  level  of  soft¬ 
ware  development,  there  are  collabora¬ 
tive  software  development  tools.  Users 
say  these  tools  are  good  for  quickly  as¬ 
sembling  relevant  data  while  ensuring 


that  everyone  involved  has  a  shared 
view  of  the  information.  This  often 
means  keeping  e-mails  addressing  par¬ 
ticular  issues  in  a  central  location  and 
making  sure  they  are  cross-referenced. 

Best  Buy  relies  on  Wipro’s  project 
management  tools,  such  as  Cocoon, 
which  tracks  projects  and  their  pro¬ 
gress  and  provides  for  a  discussion 
forum,  among  other  features.  Out¬ 
sourcing  vendor  Cognizant  Technol¬ 
ogy  Solutions  Corp.  in  Teaneck,  N.J., 
also  makes  its  own  collaboration  envi¬ 


ronment,  called  eCockPit.  In  addition, 
there  are  third-party  tools  for  distrib¬ 
uted  software  development. 

Phillip  Lindsay,  chief  architect  at 
Data  Trace  Information  Services  LLC 
in  Anaheim,  Calif.,  says  he’d  prefer  to 
bring  all  software  developers  into  the 
same  room  to  review  projects.  But  with 
about  half  of  his  18-member  develop¬ 
ment  team  in  India,  that’s  not  an  option. 

“It’s  currently  difficult  to  do  software 
development  in  one  location,  and  it’s 
even  harder  to  do  it  in  two  locations  in 
two  time  zones,”  he  says.  “Add  in  a  rad¬ 
ically  different  time  zone,  culture, 
country,  connectivity  —  just  phone 
calls  sometimes  are  laborious.” 

Lindsay  uses  a  distributed  software 
development  tool  called  SourceCast 
from  CollabNet  Inc.  in  Brisbane,  Calif. 
SourceCast  is  designed  to  work  in  a 
WAN  and  manages  development  work 
in  a  source-code  repository.  If  a  file 
changes  overnight,  those  changes  are 
seen  immediately.  “Conflicts  are  found 
in  real  time,  and  that  reduces  the  cost,” 
he  says. 

Software  tools  can  help,  but  manag¬ 
ing  offshore  contractors  often  requires 
a  personal  touch.  For  example,  Wipro 
has  workers  at  Best  Buy’s  U.S.  headquar¬ 
ters.  And  Lindsay  says  Data  Trace  has  an 
employee  from  India  who  is  helping  his 
team  with  cultural  and  language  issues. 

The  same  tools  and  techniques  that 
work  for  managing  offshore  software 
developers  can  also  work  for  offshore 
manufacturing,  says  Mark  Goldberg,  a 
vice  president  at  Koret  of  California 
Inc.,  an  Oakland-based  clothing  manu¬ 
facturer  and  subsidiary  of  St.  Louis- 
based  Kellwood  Co. 

Koret  does  all  its  manufacturing  off¬ 
shore  and  doesn’t  want  to  maintain  in¬ 
ventory.  Goldberg  uses  Internet-based 
software  developed  by  New  Genera¬ 
tion  Computing  Inc.  in  Hialeah,  Fla.,  to 
keep  track  of  the  manufacturing  opera¬ 
tions.  Everyone  involved  in  the  manu¬ 
facturing  process  enters  data  into  the 
system,  so  “there  is  no  question  about 
who  owns  that  piece  of  information, 
who  is  responsible,”  he  says. 

Alan  Brooks,  who  founded  New  Gen¬ 
eration  in  1982,  says  a  big  part  of  man¬ 
aging  diverse  work  sites  is  understand¬ 
ing  the  thousands  of  details  involved. 
Brooks  has  developed  tools  he  uses 
to  manage  software  development  ap¬ 
plying  the  same  methods  he  uses  to 
manage  offshore  manufacturing.  His 
advice  to  IT  managers  developing  soft¬ 
ware  overseas:  Approach  it  like  manu¬ 
facturing  a  physical  product  —  consid¬ 
er  every  aspect  of  the  life  cycle. 

“I  think  making  software  is  manufac¬ 
turing,”  he  says.  > 


Managers  try  various 
tools,  from  videoconfer¬ 
encing  to  collaboration 
software,  for  managing 
offshore  contractors. 

By  Patrick  Thibodeau 
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Don’t  start  an  IT 
project  until  the 
company  has  writ¬ 
ten  a  clear  set  of 
rules  about  the  way 
it  does  business. 

By  Ronald  G.  Ross 


Recently,  colleagues 
and  I  were  talking 
to  the  chief  software 
developer  at  a  large 
client  organization 
about  progress  on  a 
major  re-engineering  effort  there.  Our 
concern  was  whether  the  project  team 
members  could  meet  a  deadline  some 
nine  months  out  for  delivering  a  large- 
scale  prototype.  We’d  just  spent  sever¬ 
al  intensive  months  developing  a  com¬ 
prehensive  business  model,  and  they 
still  had  several  months  of  system  de¬ 
sign  left  to  complete. 

This  chief  developer  is  very  sharp  — 
not  one  to  commit  to  any  an¬ 
swer  lightly.  For  the  longest 
while,  he  said  nothing,  lost  in 
thought.  Finally,  eyeing  the  de¬ 
tailed  business  diagrams  plas¬ 
tered  on  the  walls  all  around,  he  said, 
“If  we  had  already  started  coding,  I 
would  say  we  had  no  chance  at  all.  But 
since  we  haven’t  started  coding  yet,  I’d 
say  the  chances  are  pretty  good.” 

I  had  to  run  that  by  several  times  in 
my  mind  before  I  caught  his  meaning. 
“If  we  had  already  started  coding,  I 
would  say  we  had  no  chance  at  all.” 

I  knew  he  thought  that  the  applica¬ 
tion  coding  itself  was  going  to  be  pret¬ 
ty  tough.  It  would  involve  using  a  rules 
engine,  a  worldwide  distribution  net¬ 
work,  graphical  user  interfaces  and 
some  significant  middleware. 

He  was  saying  that  if  they  had  to 
resolve  all  the  business  issues  while 
coding,  they  would  never  pull  it  off 
in  time  —  or  probably  ever.  However, 
since  the  project  team  was  tackling 
the  tough  business  issues  upfront  (in¬ 
cluding  specifying  the  business  rules), 


he  thought  they  had  a  pretty  good 
chance  of  completing  the  code  by  the 
target  date. 

In  large  measure,  the  business  rule 
approach  is  simply  about  asking  the 
right  questions  of  the  right  people. 
There  is  only  one  way  to  honestly 
meet  a  deadline  —  and  that’s  to  solve 
the  business  problem  first. 

Business-Driven  IT 

In  the  early  days  of  building  business 
systems,  the  business  side  could  essen¬ 
tially  sit  back  and  just  let  them  happen. 
The  advantages  of  automating  were  so 
compelling  that  you  could  do  virtually 
no  wrong.  Now,  for  all  practical, 
purposes,  business  and  IT  oper¬ 
ate  inseparably.  When  under¬ 
taking  projects,  the  logical  step 
then  would  be  to  put  together 
seamless  business/IT  project  teams 
and  have  them  follow  a  business- 
oriented  approach  to  developing  re¬ 
quirements.  Yet  many  companies  are 
nowhere  close  to  doing  that  today. 

All  too  often,  the  business  side  still 
produces  fuzzy,  ill-focused  “require¬ 
ments,”  and  the  IT  side  continues  do¬ 
ing  “requirements”  only  a  notch  or  two 
above  programming.  How  can  this  gap 
between  business  professionals  and  IT 
professionals  in  developing  require¬ 
ments  be  eliminated? 

The  answer  is  relatively  straightfor¬ 
ward.  The  business  needs  an  organized 
approach  that  enables  business  profes¬ 
sionals  to  drive  the  development  of  re¬ 
quirements.  This  approach  must  pro¬ 
vide  a  road  map  that  shows  how  to  ask 
the  right  kinds  of  questions  about  the 
right  things  at  the  right  times.  What’s 
needed  is  a  business-driven  approach. 


The  Rule  Book 

How  many  rules  does  your  com¬ 
pany  have?  A  thousand?  Ten  thou¬ 
sand?  How  easy  is  it  to  change  any 
one  of  those  rules? 

Many  companies  today  are  start¬ 
ing  to  realize  that  they  have  prob¬ 
lems  with  rule  management.  Rules 
need  to  be  managed  in  a  consistent 
or  coherent  manner. 

Your  company’s  book  of  rules 
shouldn't  be  paper-based  but  rather 
automated  in  a  database  or  reposi¬ 
tory,  where  the  rules  can  be  man¬ 
aged  and  readily  accessed.  That 
way,  the  book  of  rules  can  play  a 
very  active  role  not  only  during  the 
system  development  project,  but 
also  once  the  new  business  system 
becomes  operational.  Software 
tools  are  now  available  that  enable 
direct  business-side  management 
of  rules,  opening  unprecedented 
opportunities  for  the  business. 

-  Ronald  6.  Ross 

In  traditional  development  ap¬ 
proaches,  much  is  usually  lost  in  the 
translation  of  upfront  requirements  to 
the  actual  running  system.  But  writing 
a  set  of  clear  business  rules  improves 
communications  between  the  business 
side  and  IT,  and  provides  a  bridge  be¬ 
tween  business  analysis  and  system  de¬ 
sign.  The  business  rule  approach  helps 
to  close  the  requirements  gap  between 
the  business  side  and  the  IT  side. 

So  what’s  a  business  rule?  From  the 
business  point  of  view,  it’s  a  directive 
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Library  Fact  Model 

This  diagram  shows  a  graphical  fact  model  for  a  library.  The  rule’s  wording  is  based  directly  on  the  fact  model, 
which  is  a  diagram  of  basic  business  concepts  -  a  knowledge  structure.  A  fact  model  can  and  should  provide  a 
first-cut  blueprint  for  how  data  will  be  eventually  organized  in  a  database.  RULE:  A  library  card  may  be  used 
to  check  out  a  book  only  if  the  book  is  owned  by  a  library  for  which  the  card  is  authorized. 

Is  used  to  check  out  — >- 


intended  to  influence  or  guide  behav¬ 
ior.  Business  rules  are  literally  the  en¬ 
coded  knowledge  of  your  business 
practices.  From  an  IT  point  of  view, 
a  business  rule  is  an  atomic  piece  of 
reusable  business  logic. 

In  a  way,  everyone  knows  what  busi¬ 
ness  rules  are  —  they’re  what  guide 
your  business  in  running  its  day-to-day 
operations.  Without  business  rules, 
you’d  always  have  to  make  decisions 
on  the  fly,  choosing  between  alterna¬ 
tives  on  a  case-by-case  basis.  Doing 
things  that  way  would  be  very  slow. 

Rules  are  familiar  to  all  of  us  in  real 
life.  We  play  games  by  rules,  we  live 
under  a  legal  system  based  on  a  set  of 
rules,  and  we  set  rules  for  our  children. 
Yet  the  idea  of  rules  in  business  sys¬ 
tems  is  ironically  foreign  to  most  IT 
professionals.  Say  “rules”  and  many 
IT  professionals  think  vaguely  of  ex¬ 
pert  systems  or  artificial  intelligence. 
There’s  little  recognition  of  how  cen¬ 
tral  rules  actually  are  to  the  basic,  day- 
to-day  operations  of  the  business. 

Not  coincidentally,  many  business- 
side  workers  and  managers  have  be¬ 
come  so  well  indoctrinated  in  proce¬ 
dural  views  for  developing  require¬ 
ments  that  thinking  in  terms  of  rules 
might  seem  foreign  or  abstract.  Virtu¬ 
ally  every  methodology  is  guilty  in  this 
regard,  whether  for  business  process 
re-engineering,  system  development  or 
software  design. 

This  is  unfortunate  for  two  reasons: 

1.  Thinking  about  any  organized  ac¬ 
tivity  in  terms  of  rules  is  actually  very 
natural.  For  example,  imagine  trying  to 
explain  a  game  like  chess,  checkers, 
baseball  or  football  without  explaining 
the  rules. 

2.  Business-side  workers  and  man¬ 
agers  have  the  knowledge  it  takes  to 
create  good  rules. 

Sample  Rules 

Take  a  look  at  the  sample  rules  that 
follow,  and  notice  how  every  aspect 
of  operational  control  in  a  business 
system  can  be  addressed  by  rules: 

■  Restrictions:  A  customer  must  not 
place  more  than  three  rush  orders 
charged  to  its  credit  account. 


■  Heuristics:  A  customer  with  pre¬ 
ferred  status  should  have  its  orders 
filled  immediately. 

■  Computations:  A  customer’s  annual 
order  volume  must  be  computed  as  to¬ 
tal  sales  closed  during  the  company’s 
fiscal  year. 

■  Inference:  A  customer  must  be 
considered  preferred  if  the  customer 
places  more  than  five  orders  over 
$1,000. 

■  Timing:  A  customer  must  be 
archived  if  the  customer  doesn’t  place 
any  orders  for  36  consecutive  months. 

■  Triggers:  “Send  advance  notice” 
must  be  executed  for  an  order  when 
the  order  is  shipped. 

Rules  build  directly  on  terms  and 
facts.  Terms  —  like  customer,  shipment 
and  invoice  —  should  have  a  precise, 
unambiguous  definition  in  the  busi¬ 
ness.  For  example,  customer  might 
be  defined  as:  “An  organization  or  indi¬ 
vidual  person  that  has  placed  at  least 
one  paid  order  during  the  previous 
two  years.” 


Facts  are  given  by  simple,  declara¬ 
tive  sentences  that  connect  the  terms 
with  a  verb  or  verb  phrase,  such  as, 
“Customer  places  order.” 

A  “fact  model”  is  a  set  of  fact  state¬ 
ments  that  describe  the  results  of  a 
business  operation  (see  diagram).  A 
fact  model  should  serve  as  an  initial 
blueprint  for  a  data  model,  but  its  pri¬ 
mary  purpose  is  to  capture  knowledge 
about  the  business  in  a  structured 
form,  distilled  from  the  business-side 
workers  and  managers  who  possess  it. 


Rules  About 
Business  Rules 

■  Rules  should  be  written 
and  made  explicit. 

■  Rules  should  be  expressed 

in  plain  language. 

®  Rules  should  exist  independent 
of  procedures  and  workflows. 

■  Rules  should  guide  or  influence 
behavior  in  desired  ways. 

■  Rules  should  be  motivated  by  identifi¬ 
able  and  important  business  factors. 

a  Rules  should  be  accessible 
to  authorized  parties. 

■  Rules  should  be  specified 
directly  by  those  people  who  have 

relevant  knowledge. 

■  Rules  should  be  managed. 


Rules  essentially  add  the  sense  of 
the  words  must  or  must  not  to  the 
terms  and  facts,  as  in,  “Orders  on  cred¬ 
it  over  $1,000  must  not  be  accepted 
without  a  credit  check.” 

Rules  should  be  expressed  in  clear, 
unambiguous,  well-structured  busi¬ 
ness  English,  starting  with  an  explicit 
subject.  Rules  should  have  no  fluff  and 
no  missing  facts.  Rules  can  be  quali¬ 
fied,  as  in  “A  shipment  must  be  insured 
if  the  shipment  value  is  greater  than 
$500.”  And  rules  can  include  timing 
criteria,  as  in  “A  student  must  be  en¬ 
rolled  in  at  least  two  courses  by  the 
close  of  registration.” 

Rule  Independence 

A  business  is  very  much  like  a  human 
body.  The  knowledge  (term  and  fact) 
structure  is  like  the  skeleton;  the  proc¬ 
esses  are  the  powerful  muscles;  and 
the  rules  are  the  nervous  system  that 
controls  the  other  two.  All  three  are  es¬ 
sential  and  interrelated.  But  business 
rules  should  be  separate  from  the  oth¬ 
er  two.  A  basic  principle  of  this  ap¬ 
proach  is  that  rules  are  independent 
of  processes  and  procedures.  A  fringe 
benefit  of  that  “rule  independence”  is  a 
huge  simplification  in  the  processes. 

The  result  is  a  “thin  process,”  a  long¬ 
standing  goal  of  many  IT  profession¬ 
als.  By  taking  the  rules  out  of  the 
processes,  you  can  produce  processes 
that  are  relatively  simple  and  can  be 
changed  as  the  need  arises. 

In  the  National  Football  League,  if 
a  play  isn’t  working  for  a  team,  it  will 
be  gone  from  its  playbook  within  a 
couple  of  games.  The  plays  are  essen¬ 
tially  throwaways.  $imilarly,  businesses 
need  to  view  their  own  procedures  as 
throwaways  —  cheap  enough  to  dis¬ 
card  and  replace  readily  when  the  pro¬ 
cedures  no  longer  work  well. 

Throwaway  procedures  are  a  must 
for  the  business  to  be  adaptable  and 
competitive.  This  deceptively  simple 
idea  —  made  possible  by  the  business 
rules  approach  —  can  revolutionize 
the  way  work  is  done  and  systems  are 
designed.  ► 


Reprinted  with  permission  from 
Principles  of  the  Business  Rule 
Approach,  by  Ronald  G.  Ross  (Addison- 
Wesley,  2003).  Ross  is  co-founder  and 
principal  of  Business  Rule  Solutions 
LLC  and  executive  editor  of  the  Web 
site  BRCommunity.com. 


WHO’S  CHANGING  THE  RULES? 

Should  you  let  business  managers  make  changes  in  the 
business  rules  embedded  in  IT  systems? 
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‘Virtual  Close’ 
Piques  interest 

Urge  companies  that  are  looking 
to  close  their  monthly  financial 
books  faster  than  the  current 
paper-based  15  days  are  showing 
interest  in  the  “virtual  close,” 
according  to  a  report  by  Meta 
Group  Inc.  With  a  virtual  close, 
ail  transactions  and  expenses  are 
reported  in  real  time  instead  of 
in  batch  mode. 

Tracking  inventory  and  expens¬ 
es  in  detail  and  motivating  em¬ 
ployees  -  for  example,  salespeo¬ 
ple  who  need  to  provide  monthly 
sales  reports  -  to  enter  correct 
numbers  into  the  system  on  time 
are  most  important.  The  goal, 
Meta  said,  is  to  be  able  to  do  a 
virtual  close  on  a  dime.  To  ac¬ 
complish  that,  companies  must 
streamline  their  systems  and 
adopt  the  following  practices: 

■  Keep  the  code  simple  and 
focused  on  financial  reporting. 

■  Re-evaluate  the  value  gained 
from  complex  allocations  and 
chargebacks. 

■  Reduce  both  the  number  of 
books  and  the  number  of  ERP 
applications  they  are  entered  on 
so  the  finance  department  has 
fewer  systems  to  coordinate. 

■  Use  a  common  set  of  best 
practices  throughout  the  compa¬ 
ny  to  improve  coordination. 

■  Improve  business  performance 
management  using  Web-based 
reporting/result  software. 


Eaton  Hires  IT 
Vet  as  New  CIO 

Industrial  manufacturer  Eaton 
Corp.  has  named  Robert  Sell  as 
its  new  CIO.  Sell  has  approxi¬ 
mately  30  years  of  IT  and  opera¬ 
tions  experience  and  most  re¬ 
cently  was  CIO  at  Moore  Wallace 
Inc.,  a  distributor  of  print  and  dig¬ 
ital  information.  He  has  also 
worked  as  CIO  at  Brunswick 
Corp.  and  Coors  Brewing  Co.  Sell 
will  lead  the  Cleveland-based 
company’s  worldwide  IT  opera¬ 
tions  and  report  to  Richard 
Fearon,  Eaton’s  chief  financial 
and  planning  officer. 


PAUL  GLEN 

Think  Like  an 
Archaeologist 


IF  YOU’D  LIKE  YOUR  IT  PROJECTS  and  depart¬ 
ment  to  run  more  efficiently  and  effectively,  you 
probably  need  to  develop  a  keen  appreciation  for 
the  work  of  archaeologists.  That’s  right,  real  ar¬ 
chaeologists.  I’m  not  talking  about  the  Indiana 
Jones  variety  of  adventurous  grave  robbers,  but  of 
those  men  and  women  who  spend  their  summers  pa¬ 
tiently  digging  in  the  dirt  with  trowels,  dental  picks 
and  paintbrushes  looking  for  sticks,  stones  and  bones. 


For  us,  what’s  important 
about  their  work  isn’t  the 
excavation  part,  but  what 
they  do  with  the  artifacts 
after  they’ve  removed  them 
from  the  site.  Archaeolo¬ 
gists  are  students  of  the 
history  of  human  technolo¬ 
gy.  The  fundamental 
premise  of  the  field  is  that 
by  carefully  examining  the 
artifacts  of  a  past  culture, 
we  can  understand  the 
people  who  made  those  ob¬ 
jects.  We  can  learn  not  only 
about  how  the  objects  were 
made,  but  also  about  the 
ideas,  values,  culture  and 
history  of  those  who  made  them.  We 
can  understand  to  some  degree  how 
they  lived  and  what  they  thought. 

What  archaeologists  have  recog¬ 
nized  is  that  technology  doesn’t  exist 
independently  from  people.  In  their 
eyes,  a  piece  of  technology  is  a  durable 
form  of  human  expression.  When  they 
look  at  a  potsherd,  they  can  often  de¬ 
termine  how  the  pot  was  made,  in¬ 
cluding  where  the  clay  came  from, 
what  tempering  was  added  to  the  clay 
and  how  it  was  Fired.  If  the  clay  origi¬ 
nated  far  from  where  the  object  was 
found,  it  indicates  that  the  makers  ei¬ 
ther  traveled  or  traded.  The  tech¬ 
niques  used  to  make  the  pot  show  how 
advanced  the  maker’s  knowledge  of 


pottery  technology  was. 
The  shape  and  decorations 
often  convey  the  use  of  the 
object.  The  choices  made 
by  the  ancient  artisans  of¬ 
fer  a  glimpse  into  their 
minds  and  values. 

This  is  no  different  from 
the  technology  coming  out 
of  any  modern  IT  group. 
The  technology  that  you 
create  bears  the  marks  of 
your  team  just  as  a  stone 
ax  shows  the  marks  of  an 
ancient  flintknapper.  The 
technology  that  you  create 
is  a  reflection  of  the  indi¬ 
viduals  who  make  it,  the 
values  of  the  makers  and  of  the  dy¬ 
namics  of  the  group. 

In  short,  technology  is  the  collective 
expression  of  the  team  that  creates  it. 

It  doesn’t  exist  as  an  entity  separate 
from  the  team.  They  are  reflections  of 
each  other.  The  team  often  organizes 
itself  according  to  the  demands  of  the 
technology,  and  the  technology  is  pro¬ 
duced  through  the  dynamics  of  the 
team.  In  his  book  The  Dynamics  of 
Software  Development  Jim  McCarthy 
refers  to  this  phenomenon  as  “Team  = 
Software.” 

For  example,  imagine  that  you’re  de¬ 
veloping  some  sort  of  software  system, 
and  you  get  to  the  system  integration 
phase  and  find  that  two  chunks  of 
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code  don’t  integrate  well  with  each 
other.  In  this  situation,  you  can  be 
pretty  sure  that  the  two  groups  that 
developed  those  different  chunks  of 
code  don’t  communicate  well.  In  fact, 
they  probably  don’t  like  each  other 
much,  either.  The  dynamics  of  the  hu¬ 
man  interaction  have  been  expressed 
in  the  form  of  code. 

I’m  sure  you’ve  all  seen  a  system  in 
which  the  user  interface  made  perfect 
sense  to  the  programmers  but  was 
completely  unintelligible  to  the  users. 
Usually  the  interfaces  on  these  sys¬ 
tems  reflect  the  underlying  structure 
of  the  code  rather  than  the  business 
processes  of  the  users.  You  can  be  as¬ 
sured  that  the  cultural  assumptions  of 
that  group  include  the  idea  that  under¬ 
standing  technology  is  more  impor¬ 
tant  than  understanding  business  im¬ 
provement.  The  values  of  the  group 
are  clearly  expressed  in  the  design  of 
the  interface. 

Have  you  ever  worked  on  a  system 
that  was  beautiful  to  behold,  but  was 
impossible  to  deploy  and/or  support? 
You  can  be  pretty  sure  that  the  group 
that  develops  such  a  system  holds  pro¬ 
grammers  in  higher  esteem  than  de¬ 
ployment  specialists,  operations  per¬ 
sonnel  or  help  desk  technicians.  The 
concerns  of  these  groups  were  dis¬ 
counted  or  ignored  during  the  design 
and  construction.  The  social  hierarchy 
of  the  group  is  right  there,  like  a  fin¬ 
gerprint  on  an  Aztec  water  jug. 

If  you  pay  close  attention  to  the  dy¬ 
namics  of  your  group,  you’ll  probably 
be  able  to  predict  what  your  technolo¬ 
gy  will  look  like  long  before  the  mon¬ 
ey  is  spent  developing  and  deploying 
it  —  and  maybe  your  work  will  live  on 
rather  than  being  dug  up  by  some  fu¬ 
ture  archaeologist.  ► 
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Got  Questions  About 
Business  Intelligence? 


Computerworld’s  IT  Executive  Summit 
Has  the  Answers 


If  you’re  an  IT  executive*  in  an  end-user  organiza¬ 
tion,  apply  to  attend  one  of  Computerworld’s 
upcoming  complimentary  one-day  summits  on 
Business  Intelligence. 

Neither  a  product  nor  a  system,  Business  Intelligence 
(Bl)  is  an  architecture  -  a  collection  of  interrelated 
operational  and  business  performance  measurement 
applications  and  databases. 

The  only  way  to  succeed  with  Bl  applications  is  to 
understand  their  complexity,  their  cross-organizational 
nature,  the  needs  of  knowledge  workers,  your 
competition,  your  market,  and  customer  trends. 

This  summit  will  give  you  a  comprehensive,  one-day 
overview  -  and  will  arm  you  with  the  latest  thinking 
and  tools  to  make  the  right  investments  in  Bl. 
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j  Jr  program  mers  Programmers, 
'Software  Engineers  &  DBAs: 
[Design,  develop,  test  and  imple- 
jmen!  specialized  software  apps. 
in  (a)  Oracle  Financials  and 
I  Manufacturing  Hi  and  related 
[tools,  Erwin.  Cognos  Suite. 
Business  Objects  and  MF 
(Cobol  (b)  SQL  DBA,  Unix 
[Admin.  VB  Sybase,  Cobol.  C, 
(Cold  Fusion  and  related  tech- 
Inologies:  (c)  J2EE  and  related 
technologies,  Rational  Clear- 
Case,  CORBA.  MQSeries  and 
related  tools;  (d)  BDF, 
JPROBETest  Factory,  Requisite 
Pro,  CORBA.  Patrol  DB.  LDAP 
Server  and  Silk  Pilot;  (e) 
EAZVTRIEVE+,  Xpedio  Server. 
SQL  Backtrack,  PatrolDB, 
NetlQ,  Infopac,  Netview  and 
Gauntlet  Firewall;  (f)  PeopleSoft 
HRMS  (HR,  Payroll  and  Benefits 
Administration)  Application 
Engine,  SQR,  Cobol,  DB2, 
CICS,  nVision,  Crystal  Reports 
and  related  tools;  (g)  Java  and 
related  tools,  CORBA,  Sybase, 
Swing  and  Rational  Tools  (h) 
Oracle  Database  Admin,  in 
Oracle  111,  Oracle  Enterprise 
Manager,  Solaris  AIX,  VB,  C++, 
SQL'Plus  and  related  tools;  (i) 
Cold  Fusion  and  related  tools, 
ASP,  XML,  DHTML,  Crystal 
Reports,  Java,  VB,  DCOM,  MS 
SQL  and  Oracle  8i;  (j)  Oracle 
Financials  and  PeopleSoft, 
Tuxedo,  Developer/Designer 
2000  and  related  tools;  (k) 
Hyperion  Essbase  Apps.  and 
related  tools;  (1)  Oracle, 
Peoplesoft,  ASP.  Java  and  relat¬ 
ed  tools,  SQA  Robot,  Mercury 
Test  Director  and  Silk;  (m) 
Clarify  and  related  technologies; 
(n)  JDK,  ASP,  CORBA,  Oracle, 
SQL  Server,  Linux,  VB  and 
HTML;  (o)  SAS  and  related 
packages.  Java,  Business 
objects  and  Oracle.  US  Workers 
only.  Consulting  positions  requir¬ 
ing  travel.  Prevailing  wage/ben¬ 
efits.  Send  resume  to  HR,  SSG, 
3300  Buckeye  Road,  Suite  555, 
Atlanta,  GA  30341,  identifying 
interested  position(s).  No  Phone 
calls  please. 


Voicecom  Telecommunications, 
LLC  seeks  a  Sr.  Director  of  Network 
Operations  to  direct  and  manage  an 
integrated  Network  Control  Center 
and  Field  Operations  Team,  which 
supports  Voicecom's  nationwide  IP, 
Voice  and  Data  Telecommunica¬ 
tions,  Responsibilities  include  ad¬ 
vanced  level  network  engineering 
and  maintenance  support,  direct 
and  manage  a  team  of  managers, 
engineers,  technicians  and  field 
operations.  Manage  extensive 
voice,  data  and  IP  networks  to 
include  IVR,  PBX,  VoIP,  Voice 
Messaging  systems,  Clear  Channel, 
Channelized,  Fractional,  DSI.  DS3, 
SONET,  DWDM,  ATM,  SMDS, 
Frame  Relay,  SMTP,  HTTP,  TEL¬ 
NET.  TFtACEROUTE.  PING,  BGP, 
ISIS,  Static,  Multicast,  "MPLS  VPN", 
IS-IS  metrics,  DMS  Switching,  Voice 
Trunks,  DID  &  800  Services. 
Candidates  should  have  a  BA  or  BS 
in  Computer  Science  or  related 
field,  five  or  more  years  of  business 
management  responsibility,  exten¬ 
sive  lease  management  negotiation, 
relevant  technology  experience  and 
good  references.  Please  submit 
your  resume  with  salary  history  and 
requirements  to:  HR  Director,  5900 
Windward  Parkway,  Suite  500, 
Atlanta,  Georgia  30005. 


Sr.  Systems  Developer  -  life 
cycle  syst.  develop,  features/ 
projects  in  ASD,  generate 
require./function.  specs,  design 
consolid./develop./unit  test/ 
maintain,  interface  w /  ASD 
Quality  Assur.  for  integration 
testing  &  interact  w /  ASD  archi¬ 
tect.  for  project/feature  life  cycle. 
Bachelor's  or  foreign  degree 
equiv.  in  CS,  MIS,  CIS, 
Engineer.,  or  related.  &  5  yrs 
progressive  exp.  in  position,  in 
software  or  systems  engineer., 
program,  or  develop,  req'd.  Will 
accept  Master’s  in  stated  fields 
in  lieu  of  bachelor's  +  exp 
Competitive  salary,  40  hrs/wk, 
OT  as  need.  Send  resume  to:  M. 
Powers,  HR  Mgr,  REF#JY, 
CoreCARD.I  Meca  Way, 
Norcross,  GA  30093. 


Full-time  Programmer/Database 
Analyst:  Lead  programmer/ 

database  analyst  responsible  for 
full  software  development  lifecy¬ 
cle.  Manage,  design,  develop 
and  implement  database,  data¬ 
base  web  site  for  standard 
reporting  and  information 
exchange.  Identify  business 
requirements,  translate  busi¬ 
ness  requirements  into  function¬ 
al  design  and  processes  for 
diverse  development  platforms, 
computing  environments,  soft¬ 
ware,  hardware,  technologies 
and  tools.  Research  and  evalu¬ 
ate  new  technologies  and  rec¬ 
ommend  cost  effective  solu¬ 
tions.  Develop  and  prepare 
computer  programs.  Prepare 
program  test  data,  tests,  and 
debug  programs.  Work  with 
SQL,  Oracle,  C++,  JAVA, 
PL/SQL,  Windows  NT,  Unix  and 
OS2  Must  have  Bachelor's 
degree  in  Computer  Science  or 
related  field.  Employer  will 
accept  combination  of  educa¬ 
tion/experience  that  equates  to 
Bachelor's  degree  (3  to  1  rule). 
Foreign  or  domestic  education 
equivalent  to  Bachelor's  degree 
accepted.  Must  have  2  years 
experience  in  job  offered  or 
position  with  same  duties. 
Salary:  $72,500.  Send  resume 
to  Natasha  Lyttle,  Ref.  # 
NCL001 ,  SITA  INC,  3100 
Cumberland  Boulevard,  Suite 
200,  Atlanta,  Georgia  30339. 


Mechanical  Software  Engineer: 
Develop  Real-Time  control  mod¬ 
ules  on  Windows  NT/2000/XP 
platform.  Design  PC-based 
Computerized  Numerical 
Control  (CNC)  and  Prog¬ 
rammable  Logic  Control  (PLC), 
industrial  robots  and  servo 
motion  control  functions  and 
algorithms  in  C,  Visual 
C++/MFC  and  Visual  Basic. 
Develop  Real-Time  drivers  for 
IEEE1394  FireWire  and  propri¬ 
etary  high-speed  fiber  optic 
communications.  Perform 
mechatronics  system  integration 
and  evaluation,  machine  dynam¬ 
ics  and  vibration  analysis  and 
servo  tuning  for  CNC  lathe  and 
milling  machines.  Link  CAD / 
CAM  packages  for  Direct 
Numerical  Control  (DNC). 
Requirements  include  a 
Master's  degree  or  equivalent  in 
Mechanical  Engineering.  No 
work  experience  required. 
Applicants  must  have  unrestrict¬ 
ed  authorization  to  work  in  the 
United  States.  Salary  $77,539/ 
year.  40  hours/wk.  Respond 
with  two  copies  of  resume  to 
Case  #200202479,  Labor 
Exchange  Office,  19  Staniford 
St„  1st  FI.,  Boston,  MA  02114. 


Computer  Programmer  who  will 
plan,  develop,  test  and  docu¬ 
ment  computer  software  using 
COM.  COM  +,  MSMQ,  MTS,  IIS, 
IIS  Security,  ASP,  Visual  Basic, 
XML.  RDBMS,  WAP,  Bluetooth, 
PVCS,  SOAP,  WML,  ACH  for 
PC,  BizTalk  Server,  TestDirector, 
and  Visual  Studio.NET. 
Applicant  must  have  a 
Bachelor's  degree  or  foreign 
degree  equivalent  combination 
of  education  in  Computer 
Science  or  Engineering. 
Applicant  must  have  at  least  5 
years  of  work  experience  in  soft¬ 
ware  development  in  various 
platforms  and  technologies. 
Applicant  must  have  working 
knowledge  of  Bluetooth,  WML, 
ACH  for  PC,  BizTalk  Server, 
TestDirector,  Visual  Studio.NET, 
IIS  Security  and  PVCS. 
Applicant  must  be  a  Microsoft 
Certified  Professional  Solution 
Developer.  $66,200/yr,  40 

hours/wk,  9:00am-5:00pm. 
Send  resume,  listing  Job  Order 
Number  WEB  347647  to  Site 
Administrator,  Greene  County 
Team  PA  CareerLink,  4  West 
High  Street,  Waynesburg,  PA 
15370-1324. 


Web  Service  &  Support  Analyst 
I:  Entry  level  position  to  design  & 
develop  multi-tier  database-dri¬ 
ven  websites;  troubleshoot  & 
maintain  medical  staffing  system 
using  ASP.  VB/COM,  Java¬ 
Script,  SQL/SQL  Plus  &  HTML; 
use  Photoshop/  ImageReady  & 
Flash  to  design  graphics  for  web 
pages  and  advertising  banners; 
web  marketing  w/  Search 
Engine  Optimization;  monitor  & 
analyze  Web  Traffic.  Req.  BS  in 
Healthcare  Info  Sys,  CS  or  other 
related  field,  no  exp.  req.  but 
must  demo,  ability  to  perform 
duties  through  course  work  in 
Healthcare  Info  Sys  or  related 
course.  Resume  w/  transcript  to 
HR  Director,  Medical  Doctor 
Associates,  145  Technology 
Pkwy  NW,  Norcross,  GA  30092 


Tool  King,  LLC,  seeks 
a  software  developer 
with  experience  in  soft¬ 
ware  and  web  tech¬ 
nologies.  B.S.  in 
Comp.  Science  +  3  yrs 
exp  in  VB,  ASP,  SQL¬ 
Server,  IIS.  Send 
resume  to  HR,  299 
Bryant  St.,  Denver,  CO 
80219. 


Software  Business  Analyst: 
Consult  with  client  companies  to 
review,  analyze,  evaluate  their 
business  systems  &  write 
detailed  description  of  user 
needs.  Create  technical  specs  & 
steps  reqd  to  develop  or  modify 
information  systems  applica¬ 
tions.  Automate  costing  &  pur¬ 
chase  order  system  using  MS 
ACCESS,  Oracle,  Crystal 
Reports,  VB  in  Win  NT  environ¬ 
ment.  Req  Bachelor’s  in 
Accountancy/Rel  field  with  2  yrs 
exp.  Wages:  $60,000/yr,  40 
hrs/wk,  8-5.  Send  2  resumes: 
Case#200202838,  Labor 
Exchange  Office,  19  Staniford 
St.  1st  Fl„  Boston,  MA  02114. 


Technical  Support  Specialist: 
assign  and  coordinates  work 
projects;  establish  work  priorities 
and  evaluate  cost  and  time 
requirements;  review  and  test 
programs  to  ensure  compliance 
with  specifications  and  stan¬ 
dards;  maintain  company  net¬ 
work  system  and  website, 
process  e-commerce.  Req.  BS 
or  equivalent  in  CS,  CE  or  relat¬ 
ed  field  w/  proficiency  in  JSP, 
HTML,  TCP/IP,  network  HW/SW 
installation,  configuration,  and 
troubleshooting.  40hr/wk,  11-7. 
Contact  Sunnytech.  Inc.  at  2780 
Peterson  Place,  Norcross,  GA 
30071 


Software 

Professionals 

Chart  Links  is  a  rapidly  growing 
medical  software  company 
located  in  New  Haven,  CT.  We 
are  seeking  experienced  full¬ 
time  software  developers  and 
contractors  with  the  following 
skills:  HTML/XML,  JAVA, 

JavaScript,  SQL  Server,  Visual 
Basic,  Data  Modeling,  RDBMS 
Designer  and  Crystal  Reports. 
Forward  your  resume  to  Chart 
Links'  HR  Dept,  via  fax  (203) 
624-3501  or  e-mail  at: 
hr@chartlinks.com.  For  more 
information,  please  visit  our 
website  at:  www.chartlinks.com. 


The  World  Of 
Work  Is  Changing 
Every  Week. 


itcareers.com  is  now  powered 
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Search  for  jobs  and  post 
your  resume  here  on 
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Telecom  tech  co.  in 

Framingham,  MA  seeks  SW 
Engr.  to  design  &  develop  cal 
control  service  applications 
using  C/C++,  object  orientee 
design  &  knowledge  of  telepho¬ 
ny  protocols.  Port  application  on 
various  operating  systems  (i.e. 
Windows  2000,  SolarisS  Linux). 
Diagnose,  correct,  test  &  deliver 
solutions  for  customer  specific 
issues  w/proprietary  host-based 
telephony  software.  Provide 
engineering  &  technical  service 
training  on  proprietary  host- 
based  telephony  services  &  soft¬ 
ware.  Must  have:  BS  in  Comp. 
Sci.,  Engineering,  Math,  Physics 
or  equivalent  +  6  months  SW 
development  exp.  Must  have 
exp.  w/  C/C++  OS  Programming 
&  entire  SW  development  cycle 
from  design  to  testing. 
Knowledge  of  real-time  embed¬ 
ded  systems,  telephony  hard¬ 
ware  devices,  protocols  & 
Telephony  Infrastructure  req¬ 
uired.  Salary  $62,000/yr. 

Submit  2  resumes  to  Case 
#200202666,  Labor  Exchange 
Office,  19  Stanford  Street,  1st 
fl.,  Boston,  MA  02114. 

MA  based  IT  company  has 
openings  for  Software  Engin¬ 
eers  &  DBA's:  (Multiple  open¬ 
ings):  Research,  Analyze, 

Design,  develop,  test,  diagnose, 
and  implement  various  business 
applications. 

Real  time  OS  Vx  Works, 
Networking  Protocols,  People- 
Soft  HR/Financials,  IPSEC,  IKE, 
BAAN  ERP,  BAAN  tools,  SAP 
r/3  and  ABAP/4,  Oracle 
8.x/9.x/11.x,  Sun  Solaris  2.8, 
Veritas  Clustering,  Oracle 

Utilities,  Unix  Shell  Scripting, 
PL/SQL,  Erwin  Data  Modeling/ 
Designing,  Web  Technologies 
like  J2EE,  JDBC/ODBC,  Web 
sphere,  EJB,  COM/DCOM, 

C/C++,  MS  SQL  Server,  UNIX, 
J2EE  Architect/Team-Lead 

experience  in  implementing 
financial  applications  on  HP- 
Tandem  Non-stop  systems. 

Product  Administration  System 
SABLIME.  Business  Objects 
5.1.5,  Data  Warehousing, 
Informatica  -  Power  Center  5.1, 
SAS  8,  Teradata  Utilities,  Erwin, 
Power  Mart5.1  /  PowerCenter  5, 
Data  Junction,  Cognos 

Impromptu  7.0.  JD  Edwards, 
WinRunner  6.0,  Test  Director 
6.0,  Silk,  Load  Runner,  Rational 
Suite,  SQA  Suite. 

DBAs  must  have  experience  in 
installation,  migration,  moving, 
setup,  monitoring  and  trouble 
shooting  of  various  database 
applications.  May  require  travel 
to  client  sites.  Software 

Engineer  $78,000  &  up;  DBA: 
$60,000  and  up.  Mail  resume  to 
CRQ  INC.,  222  Turnpike  Road, 
Suite  9B,  Westboro,  MA  01581 

Software  Engineers  & 

Programmers:  Analyze, 

design,  test  and  implement 
specialize  software  applica¬ 
tions  for  e-commerce,  Web, 
Client  Server  technologies, 
Legacy  systems  and  distrib¬ 
uted  apps.  in  Weblogic, 
Corba,  Apache,  Mainframe, 
ASP,  J2EE,  Siebel,  PB  and 
related  technologies  utilizing 
appropriate  RDBMS  including 
Oracle  and  DB2.  HR, 
Instcomp,  Inc.,  906  Lacey 
Ave.,  Suite  #  206,  Lisle,  IL 
60536.  EOE. 

Senior  Programmer  with 
MS  in  CS  and  min  2  yrs 
exp  wanted  in  Houston. 
Must  have  working 
knowledge  of  ASP, 
.NET,  J2EE,  SQL,  XML, 
TIBCO,  Plumtree,  Doc- 
umentum  wireless  appli¬ 
cations.  Resume  to:  E- 
Ceptionist,  Inc.,  2000 
Bagby,  Ste.  5430, 
Houston,  TX  77002. 

LINUX  &  AIX  support.  Assist 
univ.  faculty/staff  to  use  UNIX  to 
support  research,  instruction, 
outreach.  Work  under  Ass’t  Dir. 

&  Syst.  Software  Spec.. 
Required  knowledge  &  experi¬ 
ence:  Support  Suse,  RedHat 
Linux  &  AIX.  Research  security 
on  AIX  &  Linux.  Install/test  OS  & 
MySql,  DB2,  GAMESS,  Samba, 
Apache,  Resin,  Schrodinger, 
Matlab.  WBM,  NMON,  MRTG  to 
monitor  system  performance. 
Capacity  planning,  research  hw 
configs.  Build  Beowulf  cluster  & 
pgm  LAN/MPI  PVM.  Backup 
Linux  with  Reiserfs  &  EXT3  File 
systems.  Linux  or  AIX  System 
consulting.  Support  ARC  GIS, 
DB2,  WebSphere,  Jakarta, 
Tomcat.  Implement  Geowall  on 
Windows  &  Linux.  3-D  data  con¬ 
vert.  Backup,  restore,  archive 
large-scale  storage  data. 
Storage  expansion  projection. 
Base  Salary  $35,015  per  12 
months  plus  fringe  benefits. 
Send  two  copies  of  letter  of 
application  and  resume  to: 
South  Dakota  One-Stop  Career 
Center,  Attn:  Laura  Hoyt,  1310 
Main  Ave  S,  Suite  103, 
Brookings,  SD  57006. 

Telephone:  (605)  688-4350. 
Fax:  (605)  688-6761.  Must  refer 
to  Job  Order  Number 

SD1235290. 

Computer  Systems  Admin¬ 
istrator.  Analyze/maintain/ 
modify  applications  on  IBM 
mainframe.  Req.  BS  Math/ 
Comp.  Science/Rel.  Field  & 
2  yrs  exp  in  job/2  yrs  exp  as 
Sr.  Analyst/Programmer. 
Spec.  Req.  Expertise  in 
COBOL,  DB2,  CICS,  CSF, 
Cordaptix  &  Utility  Billing 
Systems.  Send  Resume: 
Louie  G.  Abad,  EV3A,  Inc., 
104  Pierpoint  Cir.,  Folsom, 
CA  95630( Jobsite). 

Paradigm  Infotech  is  looking  for 
programmer/system  analysts, 
s/w  engineers.  Candidate  must 
have  BS  with  at  least  one-year 
IT  experience.  Good  skills  in 
C/C++,  Java,  Oracle,  WebLogic, 
VB.  HTML,  ERP  are  plus. 
Traveling  is  required.  Apply 
jobs@paradigminfotech.com. 
EOE 

Staffing  Tree.  LLC  has  openings 
for  System  Analyst,  IT  consul¬ 
tants/recruiters.  BS  or  equiva¬ 
lent  required.  Exp.  in  Oracle, 
Java.  C/C++,  SQL  &  IT  place¬ 
ment/marketing  preferred. 

Travel  required  for  some  posi¬ 
tions.  We  sponsor  green  card. 
Please  contact 

debdas@staffmg-tree.com.  EOE. 

PROGRAMMER  ANALYSTS  for 
Arlington  Heights,  IL  office. 
Design  &  Develop  software 
applications  using  C++,  Proc*. 
Oracle.  Sybase,  XML.UML, 
Coolgen,  Interwoven.  Clear- 
Case,  ClearQuest,  PVCS,  AIX, 
UNIX/Win  NT.  Bachelors  req'd  in 
Computers,  Engineering,  Math 
or  related  field  of  study  +2  yrs  of 
related  exp.  40  hrs/wk.  Must 
have  legal  authority  to  work  per¬ 
manently  in  the  U.S.  Contact  HR 
Manager,  Terasoft  International, 
Inc.,  2015  S.Arlington  Heights 
Road,  #114,  Ariington  Heights, 
IL60005. 
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DATA.  WIRELESS.  NETWORK. 
YES.  YOU’RE  IN  THE 
RIGHT  NEIGHBORHOOD. 
WE  LIVE  WTTERE  YOU  LIVE: 


What  can  a  company  like  State  Farm  possibly  offer  in  the  way  of  I.T.?  Just  one 
of  the  nation’s  largest  computer  networks.  The  drive  of  a  Fortune  25  company. 
And  a  wealth  of  I.T.  opportunities.  How  do  you  like  the  neighborhood  so  far? 


LIKE  A  GOOD  NEIGHBOR 


STATE  FARM  IS  THERE 


For  more  information,  visit  state/ arm. com®  or  emailjobopps.corpsouth@statefarm.com 


Stale  Farm  •  Flome  Offices.  Bloomington.  Illinois  •  An  Equal  Opportunity  Employer 
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[ExtraOuesl  Corporation  seeks 
j  Sr.  Database  Administrator  to 
(work  in  Greenwood  Village,  CO 
to  develop  and  administer 
Oracle-  databases  that  run  on 
UNIX  and  Linux  platforms. 
Install  end  maintain  database 
documentation  and  patch  appli¬ 
cations.  Engage  in  capacity 
planning,  systems  analysis  and 
design,  application  program 
development  and  proactive  per¬ 
formance  analysis,  monitoring 
and  tuning.  Perform  hot  back¬ 
ups,  hot  standby  databases  and 
data  guard  configuration  utilizing 
RMAN  Design,  configure  and 
administer  Oracle  Parallel  and 
Real  Application  Cluster 
Database  Servers.  Engage  in 
data  conversion/migration, 
development  of  budget  and  pro¬ 
ject  proposals  and  project  man¬ 
agement.  Requires  bachelor's 
degree  in  computer  science  or 
related  field,  as  well  as  4  years 
experience  performing  the  core 
duties  and  using  the  skills 
described  above.  Respond  by 
resume  to  ExtraQuest  Corp., 
Human  Resources,  5575  DTC 
Pkwy,  #240,  Greenwood  Village, 
CO  80111,  and  refer  to  job 
#4106. 


CCIE  Technical  Support 
Manger-Post  Sales  -  Manage 
post-sales  technical  support 
activities  of  technical  support 
staff  engaged  in  the  analysis, 
design  and  implementation  of 
solutions  to  engineering  and 
integration  problems  of  complex 
internetworked  systems  based 
in  Cisco  Systems  technologies. 
Bachelor's  degree  or  foreign 
degree  equivalent  in  Computer 
Engineering  or  related  field 
required  and  five  years  of  expe¬ 
rience  in  network  design  engi¬ 
neering  and/or  network  support 
engineering.  Please  forward 
resume  to  Attn:  Mike  Gailimore, 
BellSouth  Communication 
Systems,  2359  Perimeter  Point 
Parkway,  Charlotte,  North 
Carolina  28208.  Please  do  not 
email  or  fax  resumes.  EOE 


Database  Administrator  (4  open¬ 
ings):  Analyze,  dsgn  s/ware  & 
h/ware  reqmts.  Install,  adminis¬ 
ter  Oracle  d/bases  in  HA  cluster. 
Support  OPS,  Administer  OAS. 
Database  recovery,  RMAN 
backup,  Datastage.  ERWIN, 
Reportwriter,  Forms,  Replication 
Manager,  Pro'C,  Shell  Scripting. 
Use  Solaris,  HP-UX,  AIX,  DEC- 
Alpha,  NT.  Req.  BS  in  CS,  Math 
or  other  Engg  or  sci  field  +  1  yr 
exp.  in  job  offd.  40hr/wk 
Resume  to:  HR  Mgr,  Omnisoft, 
Inc.,  1265  Compass  Pointe 
Crossing,  Alpharetta,  GA  30005. 


Netegrity,  Inc.,  a  leader  in 
Software,  Services  and  High 
Technology  seeks  a  Prof¬ 
essional  Services  Consultant. 
Position  requires  degree  and 
industry  experience.  Also 
requires  70-80%  domestic 
and  international  travel.  If 
interested  send  resume  to 
Human  Resources,  Netegrity, 
Inc.,  201  Jones  Road,  5th 
Floor,  Waltham,  MA  02451,  or 
via  fax:  781-207-5835,  or 
online  at  www.netegrity.com. 
EOE. 


Mechanical  Software  Engineer: 
Develop  Human-Machine 
Interface  (HMI)  for  Real-time 
soft  motion  control  modules  on 
Windows  NT/2000/XP  platform. 
Design  PC-based  Computerized 
Numerical  Control  (CNC)  and 
Programmable  Logic  Control 
(PLC),  industrial  robots  and 
servo  motion  control  functions 
and  algorithms  in  C,  Visual 
C++/MFC  and  Visual  Basic. 
Perform  control  system  integra¬ 
tion  and  evaluation,  machine 
dynamics  and  vibration  analysis 
and  servo  tuning  for  CNC  lathe 
and  milling  machines.  Manage 
chassis  and  board  structure 
design  and  improvement  with 
CAD  systems.  Link  CAD/CAM 
packages  for  Direct  Numerical 
Control  (DNC).  Requirements 
include  a  Master's  degree  or 
equivalent  in  Mechanical 
Engineering.  No  work  experi¬ 
ence  required.  Applicants  must 
have  unrestricted  authorization 
to  work  in  the  United  States. 
Salary  $77, 539/year.  40 

hours/wk.  Respond  with  two 
copies  of  resume  to  Case 
#200202478,  Labor  Exchange 
Office,  19  Stamford  St.,  1st  FI., 
Boston,  MA  02114. 


DBAs  to  install,  configure/ 
administer  Oracle  database, 
SQL*Net,  Net8:  design  &  devel¬ 
op  appls  using  Oracle,  Dev 
2000,  SQL,  etc;  maintain  &  mon¬ 
itor  backup,  recovery  procedures 
and  maintain  database  securi- 
ty;design,  code  Java2Beans  for 
Oracle  database  access;  per¬ 
form  data  entity  design  in  Erwin, 
web  interface  design  &  appl  logic 
definition.  Prog.  Analysts  to  ana¬ 
lyze,  develop  appls  using  OOAD, 
Java,  J2EE,  ASP,  EJB,  XML, 
Jscript,  Active  X,  JFC  Swing, 
HTML, etc.  under  Windows, 
UNIX  os;  perform  req  analysis; 
provide  on  site  maintenance 
such  as  debug,  modify,  fine  tune 
&  code  optimization.  Require: 
BS  or  foreign  equiv.  in  CS/Engg. 
(any  branch)  &  2yrs  exp  in  IT. 
Comp.  Salary.  Travel  involved. 
F/T.  Resume  to:  Infilink 
Corporation,  4  Concourse 
Parkway,  Ste  270,  Atlanta,  GA 
30328 


INTECH  Software  Solutions  has 
several  openings  for  Software 
Engineers.  Will  be  responsible  for 
research,  design  &  development 
of  software  sys  and  applns.  Must 
have  a  strong  background  in  five 
or  more  of  the  following:  Java, 
C++,  Tuxedo,  Smalltalk,  VB, 
Oracle,  Sybase,  SQL  Server, 
UML,  XML,  XSL,  Rational  Rose, 
MQ  Series,  Visibroker,  CRM, 
OOD/OOP,  EAI,  iPlanet, 
WebLogic,  Solaris,  and  Windows. 
Must  have  MS  or  eqvlnt.  in 
Comp.  Sci  or  Engineering  and  3 
yrs  rele  exp  Job  in  Atlanta,  GA 
and  other  locations.  Send  resume 
to  HR.  Intech  Software  Solutions, 
12600  Deerfield  Parkway,  Suite 
100,  Alpharetta.  GA  30004. 
Email:  hr@intechsw.com 


Prog.  Analysts  to  analyze, 
design,  develop  network  securi¬ 
ty  s/w  using  VC++,  C++,  SQL 
Server,  MS  Access,  IBM  Visual 
Age,  Apache  Web  Server,  etc. 
under  Windows/UNIX  os;  design 
server  side  Java  Components, 
GUI  using  JScript,  JSP, 
Servlets,  HTML,  etc;  design  and 
optimize  database  using  JDBC, 
SQL,  ODBC,  etc;  develop 
encription  schemes;  deploy, 
evaluate,  test  appls.  Require 
BS  or  foreign  equiv.  in 
CS/Computer  Engineering  with 
2  yrs  exp  in  IT  field.  High  salary, 
travel  involved.  F/T.  Resumes: 
HR,  Lancope,  Inc.,  3155  Royal 
Drive.  Bldg.  100,  Alpharetta,  GA 
30004. 


Prog.  Analysts  to  analyze, 
design,  develop  appls  using 
C++,  VB.Net.  ASP.Net,  Java, 
JSP,  Java  Script,  COM,  Oracle, 
SQL  Server,  IIS,  HTML,  etc. 
under  Windows, UNIX  os;  per¬ 
form  system  &  functional  analy¬ 
sis;  document  development 
process;  test,  debug  and 
upgrade  existing  software. 
Require  candidates  with  BS  or 
foreign  equiv.  in  CS/Engg. (any 
branch)  &  2yrs  exp.  in  S/W  field. 
F/T.  Travel  involved.  Competitive 
salary.  Send  Resumes  to:  HR, 
Softrim  Corporation,  3443  Pine 
Ridge  Road,  Naples,  FL  34109 


QA  Specialist:  Produce  test 
plan,  test  reqmts  documents; 
create  &  run  test  scripts;  compile 
test  scripts  into  test  procedures; 
code/dvlp  VB  scripts  for  regres¬ 
sion  testing;  track  &  verify  status 
of  defects;  dvlp  &  run  SQL 
queries,  w/  Client/Server  Testing 
&  Rational  products,  w/propri- 
etary  &/or  COTS  applies  &  main¬ 
frame  applies.  Req.  Bach  in  CS, 
MIS  or  other  related  field  +  2  yr 
exp.  in  job  offd.  Resume  to  Ms. 
Parchment,  Business  Computer 
Applications,  2180  Satellite 
Blvd.,  Ste  325  Duluth,  GA  30097 


Seeking  qualified  applicants  for 
the  following  positions  in  Mem¬ 
phis/Collierville,  TN:  Senior  Bus¬ 
iness  Application  Analyst.  Act  as 
liaison  between  technical  devel¬ 
opers  and  users/customers 
Requirements:  Bachelor's  degree 
or  equivalent*  in  computer  sci¬ 
ence,  math,  statistics,  business  or 
related  field  plus  5  years  of  expe¬ 
rience  in  analyzing  business  sys¬ 
tems  and  developing  technical 
automated  solutions.  Experience 
with  software  development  life 
cycle  process  and  SQL  also 
required.  ’Master's  degree  in 
appropriate  field  will  offset  2  years 
of  general  experience.  Submit 
resumes  to  Sibi  George,  FedEx 
Corporate  Services,  1900  Summit 
Tower  Blvd.,  Suite  1400,  Orlando, 
FL  32810.  EOE  M/F/D/V. 


Software  Engineers  Need¬ 
ed.  Seeking  qualified  candi¬ 
dates  possessing  MS/BS  or 
equiv.  &/or  relevant  work 
experience.  Part  of  the  rel. 
req.  exp.  must  include  1 
year  working  w/  Data 
Transformation  Services. 
Duties  include  design, 
develop,  test  and  support 
software  applications  and 
systems.  Mail  res.,  sal.  req. 
&  ref.  to:  Smartopia,  Inc., 
1990  Middlesex  St.,  #5, 
Lowell,  MA  01851.  ATTN: 
HR. 


Software  Enggs.  to  lead  teams 
to  design,  develop/maintain 
web  appls  using  Java,  J2EE, 
Servlets,  ASP,  EJB,  HTML, 
JavaScript,  JSP,  VB,  SQL 
Server,  etc  on  Windows  &  UNIX 
OS;  provide  training  &  user  sup¬ 
port  for  the  systems  and  related 
appln  internally  &  to  clients; 
debug  and  modify  existing  soft¬ 
ware.  Require:  MS  or  foreign 
equiv  in  Comp.  Sci  /  Comp. 
Engg.  &  1  yr  exp.  in  IT.  Full  time. 
High  Salary.  Travel  involved. 
Respond  by  mail  to  HR,  ABZ 
Consulting,  Inc.,  2600  Century 
Prkwy,  Ste  100,  Atlanta,  GA 
30345. 


Hetrosys,  LLC,  based  in  Detroit, 
Michigan  seeks  Senior  UNIX 
System  Administrators  and 
Senior  Database  Administrators 
for  Detroit  and  nation-wide 
opportunities.  All  positions 
require  B.S.  in  Computer 
Science.  UNIX  position  requires 
two  years  high  availibility  experi¬ 
ence  and  MC/Service  Guard 
certification.  Database  positions 
require  two  years  experience  in 
decision  support  application 
development  or  data  warehous¬ 
ing  in  addition  to  standard  suite 
of  ORACLE  administration  tools. 
Apply  via  U.S.  Mail  with  resume 
to  Hetrosys,  LLC,  3757  S. 
Baldwin  Road  #223,  Lake  Orion, 
Ml  48359 


Computers-Seeking  qualified 
candidates  for  senior  and  mid¬ 
level  IT  professional  positions 
including:  Programmer  Analysts, 
Project  Managers,  Software 
Engineers,  IT/Software  Consul¬ 
tants,  Systems  Analysts. 
Qualified  candidates  must  pos¬ 
sess  MS/BS  or  equiv.  and/or  rel. 
work  exp.  Some  positions 
require  1  yr.  SAP  exp.  Exp.  in 
multi-module  implementation/ 
multi-OS  environment  is  pre¬ 
ferred.  Strong  RDBMS  back¬ 
ground  a  plus.  Fwd  resume  & 
references  to:  Halcyon 

Solutions,  Inc.,  Attn:  HR,  950 
Taylor  Station  Rd.,  #D, 
Columbus,  OH  43230. 
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Application  Software  Engin¬ 
eers  needed.  Seeking  qual. 
candidates  possessing  MS/ 
BS  or  equiv.  &/or  relevant 
work  experience.  Siebel  cert¬ 
ification  and  experience 
preferred.  Duties  include  Re¬ 
search,  design  and  develop 
software  applications  and  an¬ 
alyze  software  requirements. 
Mail  res.,  sal.  req.  &  ref.  to: 
e-Prosoftgroup,  Inc.,  5617 
Bymeland  St.,  Madison,  Wl 
53711,  ATTN:  HR. 

We  do 
a  better  job 
at  helping 
you 

get  one. 


SEARCH  FOR 
JOBS 

AND  POST 
YOUR  RESUME 
ON 

ITCAREERS.COM 
CHECK  US  OUT! 


SYSTEM  ANALYST  analyze, 
design,  develop,  test  and  imple¬ 
ment  business  apps,  automated 
processing  activities  using 
Oracle  &  Developer  2000. 
Develop  Forms  &  Reports, 
design  &  code  on-line  screens  in 
Oracle  database,  document  sys¬ 
tem  model  in  Designer  2000. 
Write  PUSQL  batch  programs 
for  reading  text  files.  Forms, 
Reports,  PL/SQL,  Java  Servlets, 
DHTML,  MS  Access.  Master's 
in  Mgmt  Information  Systems 
/related  field  w/  2  yrs  of  exp.  as 
I.T.  professional  &  at  least  1  yr 
exp.  in  all  above  technologies, 
skills  &  tools  required.  Will 
accept  Bachelor’s  w/  5  yrs  exp. 
in  lieu  of  Master's  w /  2  yrs  exp. 
Send  resume  to:  Palayekar 
Companies.  Inc  1959  East  Third 
St,  Williamsport,  PA  17701 


SOFTWARE  ENGINEER 
Software  engineer  to  design, 
develop  and  test  computer  pro¬ 
grams  for  business  applications: 
analyze  software  requirements 
to  determine  feasibility  of 
design:  direct  software  system 
testing  procedures  using  exper¬ 
tise  in  Flash,  TIBCO,  XML, 
STRUTS,  EJB  and  WebLogic. 
Requirements:  Bachelor's 

Degree  or  equivalent  in 
Computer  Science  or  related 
field  and  two  years  experience 
as  a  software  engineer  or  com¬ 
puter  programmer,  knowledge  of 
Flash,  TIBCO,  XML,  STRUTS, 
EJB  and  WebLogic.  Salary: 
$66, 000/year.  Working 

Conditions:  8:00  A.M.  to  5:00 
P.M.,  40  hours/week,  involves 
extensive  travel  and  frequent 
relocation.  Apply:  Site 
Administrator,  Greene  County 
Team  PA  CareerLink,  4  West 
High  Street,  Waynesburg,  PA 
15370,  Job  No.  WEB352072. 


NetXert,  Inc.,  has  openings  for 
Programmers,  Software  Cons¬ 
ultants,  Programmer  Analysts, 
DBA's,  Systems  Analysts, 
Engineering  Programmer  with 
three  or  more  of  the  following 
skills:  Java,  J2EE,  .net/ASP, 
Visual  Basic,  C,  C++,  Visual 
C++,  Coldfusion,  Cobol,  SQL 
Server,  DB2,  CICS,  Oracle, 
Informix,  Sybase,  Access, 
Actuate,  PeopleSoft,  SAP, 
PowerBuilder,  WebSphere, 
WebLogic,  WebMethods, 
Apache,  Unix,  WinNT,  Linux; 
Bachelor's  or  Master's  degree 
(or  foreign  equiv)  plus  1  or  2  yrs 
exp  req'd  depending  upon  posi¬ 
tion.  For  some  positions,  we 
also  accept  degree  equiv.  in 
educ.  &  experience.  Travel 
and/or  relocation  required. 
Send  resume  &  salary  reqmt  to: 
H.R.,  NetXert,  Inc.,  315  E. 
Eisenhower  Pkwy,  Suite  315, 
Ann  Arbor,  Ml  48108 
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Director,  Managed  Solutions 
Practice-Meet  w /  management 
of  prospective  client  to  analyze 
client's  needs.  Propose  project 
&  pricing,  utilizing  on-shore  & 
offshore  teams.  Plan  &  manage 
project  deadlines  &  budget.  Act 
as  liaison  between  client,  on-site 
team  &  offshore  team.  Respon¬ 
sible  for  successful  implementa¬ 
tion  &  customer  satisfaction.  Will 
accept  Bachelor's  Degree  or  for¬ 
eign  equivalent  in  Computer 
Science,  Engineering,  Business 
or  related  field.  Must  have  2  yrs. 
consulting,  project  management 
or  related  exp.  The  2  yrs  exp 
must  include  1  yr  of  project  coor¬ 
dination  exp  for  project  requiring 
on-site  &  offshore  teams.  Must 
have  SAP  exp  $100K/yr, 
40hrs/wk  EEO/AAP/M/F/V/H 
Submit  resumes  to:  Fayette  Cty, 
CareerLink,  ATTN:  CareerLink 
Program  Supervisor,  32  Iowa 
St.,  Uniontown,  PA  15401-3513, 
Job  Order  No:  WEB  351022 


DynPro,  Inc.,  a  leading  IT 
Consulting  firm,  is  seeking  qual¬ 
ified  computer  professionals 
with: 

•  Websphere,  Net.Commerce, 
Net.Data 

•  JAVA,  JavaScript,  RMI,  Swing 

•  CGI  scripting-Perl,  Shell,  Korn 

•  C++,  OOS,  OOP,  Visual 
Basic,  visual  C++ 

•  SQL  Server,  DB2,  Oracle, 

QMF 

•Win  NT  and  UNIX 
administration,  AIX 

•  ABAP/4programming 

•  SAP-SD,  SM,  MM,  PP,  PI, 

WM,  QM,  PM,  FI-CO,  HR, 

BIW,  CRM,  ASP,  HTML,  XML 

•  Lotus  Notes,  Crossworld 

•  JD  Edwards 

All  positions  require  MS/BS 
degree  with  1  or  2  years  of  expe¬ 
rience  in  the  field  and  willing¬ 
ness  to  travel  to  client  sites 
throughout  the  USA.  Please  e- 
mail  resumes,  prior  to  10/1/03, 
to:  mplueddemann@dynpro.com 
EOE 


Senior  Software  Engineer 

InfoWeb  Systems,  Inc.,  a  lead¬ 
ing  provider  of  comprehensive 
computer  software  services  and 
solutions,  requires  a  Senior 
Software  Engineer.  Analyze 
requirements  and  design  and 
develop  webpage  screenshots 
and  applications  using  Sabre 
CRS,  Amadeus  JRES,  BEA 
Portal  and  ISAPI.  Document 
designs,  prototypes  and  applica¬ 
tions  developed. 

Job  Requirements:  Masters 
Degree  in  Computer  Science  or 
equivalent  and  2  years  experi¬ 
ence  in  all  phases  of  Software 
Development  Life  Cycle  using 
Sabre  CRS,  Amadeus  JRES, 
BEA  Portal  and  ISAPI. 
Document  designs,  prototypes 
and  applications  developed. 

Mail  /  Fax  your  resume  to: 

InfoWeb  Systems,  Inc. 

3435,  Asbury  Road,  Suite  175 
Dubuque,  IA  52002 
Fax:  563.556.7990 


Software  Engineer  to  direct, 
research,  design,  develop,  test 
and  document  software  systems. 
The  candidate  should  be  well 
versed  in  all  phases  of  SDLC 
and  SEI  methodologies.  Should 
be  technically  sound  with  hands 
on  experience  in  building  Client- 
Server,  distributed  and  web 
applications  on  UNIX  and 
Windows  platforms  using  C++, 
Java,  CORBA,  RDBMS, 
BroadVision,  TIBCO,  Cognos, 
shell  scripting,  Clearcase, 
OOAD,  UML  and  RUP.  Masters 
Degree  in  Engineering,  and  three 
years  experience.  Send  resume 
to  following  address:  Innovative 
Consulting  Solutions,  LLC,  1000 
E.  Woodfield  Rd„  Suite  102, 
Schaumburg,  IL  60173. 


We  seek  exp’d  IT  professionals 
&  Network  Engineers  / 
Administrators  &  Public  Health 
Data  Analyst  /  Consultant  /  SAS 
Programmer.  IT  Professionals 
must  have  B.S.  C/S  or  Eng’g  or 
electrical  /  Electronics  Eng'g.  & 
exp.  using  the  following  skills: 
(a)  OEM,  SQL  Navigator,  ETL 
Tools,  SQL  Anywhere,  Business 
Objects,  HP-UX,  Sun  Solaris;  (b) 
Ultrix,  Delphi,  LISP,  ProLogue, 
MVS,  UDB,  IEEE  v  6.0,  Tivoli; 
(c)  SCO  UnixWare  /  Open 
Server,  SANs,  HP  900  series, 
SunFire  6800,  K-Shell  Scripting, 
iPlanet  Application  /  Web 
Servers;  (d)  Optimize  SQL, 
Hypersion  Essbase  5.0,  T-SQL, 
BCP  Scripting,  Risk  Scripting, 
HP-9000-800,  ETL  Tools  (e) 
Network  Engineers  /  Admin¬ 
istrators  must  have  2  yrs.  exp.  & 
B.S.  or  Assoc.  Degree  in  C/S  or 
C/A.  (f)  Public  Health  Data 
Analyst  /  Consultant/  SAS 
Programmer  must  have  B.S.  / 
MS  in  CIS  or  Public  Health  and 
exp.  in  statistical  analysis  of 
public  health  data  /  healthcare 
data  using  SAS  8.2,  SUDAAN, 
SPSS,  EPI-Info  2000.  Please 
send  resumes  only  to  HR, 
American  Cybersystems,  Inc., 
100  Crescent  Center  Pkwy,  Ste 
290,  Tucker,  GA  30084 


Enhance  your  career  possibili¬ 
ties  with  Fidelity  Information 
Services.  We  currently  have 
openings  for  the  following  posi¬ 
tions  in  San  Diego,  CA. 
Programming  Supervisor:  Resp. 
include  managing  design,  devel¬ 
opment,  testing,  documentation 
and  analysis  of  ACBS  software 
systems  in  the  AS/400  environ¬ 
ment.  Qualified  individuals  must 
have  appropriate  degree  or 
equivalent  and  relevant  experi¬ 
ence  including.  2  yrs.  of  exp  with 
ACBS  software. 

Consultant  II:  Implement  ACBS 
suite  of  products/applications  by 
leading  support  for  installation, 
configuration/design,  testing, 
conversion,  and  debugging. 
Qualified  individuals  must  have 
appropriate  degree  or  equivalent 
and  relevant  experience  includ¬ 
ing  2  yrs.  of  exp.  with  commer¬ 
cial  lending  products.  Please  fax 
or  send  resume  with  references 
to  Jennifer  Michel  at  Fidelity 
Information  Services,  12250  El 
Camino  Real,  Ste  140,  San 
Diego,  CA  92130;  Fax:  858- 
703-2465. 


SOFTWARE  ENGINEER 
Software  engineer  to  design, 
develop  and  test  computer  pro¬ 
grams  for  business  applications; 
analyze  software  requirements 
to  determine  feasibility  of 
design;  direct  software  system 
testing  procedures  using  exper¬ 
tise  in  EJB,  XML,  JSP,  STRUTS, 
Tomcat,  UML  &  JDBC.  Req¬ 
uirements:  Bachelor’s  Degree  or 
equivalent  in  Computer  Science 
or  related  field  and  two  years 
experience  as  a  software  engi¬ 
neer  or  computer  programmer, 
knowledge  of  EJB.  XML,  JSP 
STRUTS,  Tomcat,  UML  & 
JDBC.  Salary:  $66, 000/year. 
Working  Conditions:  8:00  A.M. 
to  5:00  P.M.,  40  hours/week, 
involves  extensive  travel  and 
frequent  relocation.  Apply:  Site 
Manager,  Armstrong  County 
CareerLink,  1270  North  Water 
St.,  PO  Box  759,  Kittanning,  PA 
16201,  Job  No.  WEB352066. 


Datagence  Inc.  has  openings  for 
Senior  Software  Systems 
Engineers  for  Iocs  in  NJ  &  else¬ 
where.  Research,  analyze, 
dsgn,  dvlp,  test,  &  implmt  s/ware 
applies  using  Java,  Perl, 
ModPerl,  Oracle,  SQL  Server, 
PostgressSQL,  HP/UX,  Sybase, 
Linux,  Visual  C++  &  VB.  Reqs: 
Masters  or  equiv  in  Sci..  Engg., 
Comp.  Sci.  or  Math.,  w/2  yrs 
exp.  Bach  w/at  least  5  yrs.  of 
progressive  exp.  will  be  accept¬ 
ed  in  lieu  of  masters.  Must  have 
legal  authority  to  work  in  US. 
Excellent  pay  &  benefits.  Mail 
resume  w/proof  of  work  status 
to:  restevez@datagence.com 
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Info-Matrix  Corporation  has 
immediate,  opportunities  for 
both  entry-level  and  experi¬ 
enced  Programmers, 

Programmer  Analysts.  Systems 
Analysts,  Software  Engineers. 
DBA's  and  Software  Consultants 
with  three  or  more  of  the  follow¬ 
ing  skills: 

SQL,  GUI,  COBOL,  Unisys 
2200/Clearpath  COBOL,  DMS, 
ROMS,  TIP.  ECL,  WebTS, 
OLTP,  as  well  as  MS. Net  Visual 
Basic,  OOD,  C++,  Visual  C++, 
Oracle,  Sybase,  MFC, 
PowerBuilder,  Oracle  7.1  or 
later,  Crystal  Reports.  Rational 
Rose,  JavaScript,  HTML, 
DHTML,  IIS,  ASP,  Java,  LAN  & 
WAN  networking,  SNMP,  Frame 
Relay,  Socket  Interface, 
Network  Node  Manager,  TCP/IP, 
Open  View,  Shell  scripting, 
Oracle  SQL,  Configuration 
Management  Software 
Bachelor's  or  Master's  degree 
reqd.,  depending  on  position. 
1  yr  exp  reqd.  depending  on 
position  We  also  accept  the  for¬ 
eign  edu.  equiv.  of  the  degree, 
or  the  degree  equiv.  in  edu.  and 
exp.  Frequent  travel  and  reloca¬ 
tion.  Send  confidential  resume 
and  salary  requirements  to: 
2101  North  Front  St.,  Bldg.  4, 
Ste  100,  Harrisburg,  PA  17110 
Visit  our  website  at  www.info- 
matrix.com. 


SENIOR  WEB  DEVELOPER  to 
design,  develop,  test,  implement 
and  support  client/server  and 
web-based  application  software 
using  VB,  ASP,  VBScript, 
JavaScript,  HTML,  DHTML, 
XML,  ADO,  Crystal  Reports, 
ActiveX  Controls,  T-SQL,  PL/ 
SQL,  DTS  Packages,  Oracle, 
SQL  Server,  IIS,  MTS  and  MS 
Access  with  object  oriented 
methodologies  of  COM/DCOM 
on  Windows  NT/200C  platforms. 
Require:  M.S.  degree  in  Comp¬ 
uter  Science/Engineering,  or  a 
closely  related  field  with  2  yrs  of 
exp  in  the  job  offered  or  as  a 
Software  Engineer;  A  B.S. 
degree  with  5  yrs  of  progres¬ 
sively  responsible  exp  in  the 
field  will  be  considered  equiva¬ 
lent  to  a  M.S.  degree  and  2  yrs 
of  exp.  Competitive  salary 
offered.  Send  resume  to  com- 
municationse@sensormatic.co 
m  or  to  Sensormatic  Electronics 
Corp.,  6600  Congress  Ave., 
Boca  Raton,  FL  33487;  Attn:  HR 
Ref.  -  Job  AL„ 


Seeking  qualified  applicants  for 
the  following  positions  in 
Colorado  Springs,  CO:  Senior 
Business  Application  Analyst. 

Plan,  direct  and  coordinate 
large-scale  IT  development  pro¬ 
jects.  Requirements:  Bachelor's 
degree*  in  computer  science, 
mathematics,  statistics,  accoun¬ 
ting  or  business  plus  5  years  of 
experience  in  analyzing  busi¬ 
ness  systems  and  developing 
technical  automated  solutions. 
Experience  with  analytical 
reporting  using  either  Focus, 
SAS,  SQL  or  business  intelli¬ 
gence  tools;  and  project  or  pro¬ 
gram  management  also 
required.  'Master's  degree  in 
appropriate  field  will  offset  2 
years  of  general  experience 
Submit  resumes  to  Recruitment, 
FedEx  Corporate  Services,  350 
Spectrum  Loop,  Colorado 
Springs,  CO  80921.  EOE 
M/F/DA/. 


Dynamic  Systems,  Inc. 
Programmer/Systems 
Analyst/Business  Analyst  For 
Lansdale,  PA  or  North 
Brunswick,  NJ 
Internet:  Java,  JSP,  EJB, 
WebSphere,  WebLogic,  Perl/CGI, 
VB,  ASP,  Cm,  ASP.NET,  VB.NET 
Admin:  AIX,  HP-UX.  Solaris, 

Unix,  Oracle.  Sybase,  SQL 
Server,  DB2,  Informix 
Skills:  RDBMS,  Unix,  VC++. 
C.C++,  AS/400,  RPG,  IBM  MF 
Cobol,  DB2,  Clintrial.  LIMS. 

Oracle  Clinical 

1086  525  Milltown  Rd,  Suite#107, 
North  Brunswick,  NJ  08902  650  N 
Cannon  Ave,  Lansdale,  PA  19446. 
Phone:  732-246-2297  Fax:  732- 
246-3362 

job@dynamicsystems-inc.com 

WWW.Dynamicsystems-inc.com 


IT/IS  Manager.  Provide 
Information  Technology  Strat¬ 
egies,  Capacity  planning  and 
prioritizing  of  IT-related  projects, 
Budgeting  and  purchase  of 
hard-  and  software  plus  external 
consulting  services,  Integration 
of  computer  systems  with  the 
headquarters  in  Sweden 
Development  and  ongoing  host¬ 
ing  of  Corporate  Intranet 
Website.  Deployment  of  corpo¬ 
rate  wide  VPN-based  server- 
system,  Work  with  Risk  man¬ 
agement  of  virus-attacks,  hack¬ 
er-attacks  and  loss  of  portable 
computers.  Work  with  backup 
procedures  for  emergency  data 
recoveries.  Monitor  upcoming 
technology  that  can  be  put  into 
business  use,  Internal  education 
and  support  within  IT/IS. 
Creating  Electronic  documenta¬ 
tion  for  customers,  Web  based 
customer  support  and  e-com¬ 
merce.  Establish  ability  of  cus¬ 
tomer  to  post  e-mail  questions  to 
highly  qualified  dental  special¬ 
ists.  Work  with  VPN,  NT  Server. 
Exchange  Server,  SQL  Server, 
IIS  Server,  HTML,  TCP/IP, 
DHCP,  wired  and  wireless  LAN. 
Demonstrated  ability  providing 
Information  Technology  Strat¬ 
egies,  Capacity  planning  and 
prioritizing  of  IT-related  projects, 
Budgeting  and  purchase  of 
hard-  and  software  plus  external 
consulting  services.  Demon¬ 
strated  ability  working  with  NT 
Server,  Exchange  Server,  SQL 
Server,  IlS-Server,  TCP/IP, 
DHCP,  LAN.  $99,41 3/yr.  40 
hr/wk.  9:00  a.m.  -  5:00  p.m. 
Must  have  4  years  exp.  Send  2 
resumes:  Case  #200202567, 
Labor  Exchange  Office,  19 
Staniford  Street,  1st  fl„  Boston, 
MA  02114. 


WEB  DEVELOPER  (Delray, 
Florida  &  unanticipated  employ¬ 
er’s  branches  and  affiliates 
nationally):  Develop  robust,  effi¬ 
cient  web  and  packaged  sys¬ 
tems.  Analyze  existing  applica¬ 
tions  and  business  process 
flows,  and  recommend  solutions 
for  improvement.  List  benefits/ 
pitfalls  for  software  projects  and 
provide  time  estimates  for  new 
projects.  Design  new  systems, 
write  efficient  code,  provide  test 
environment,  implement  and 
support  the  finished  products. 
Must  be  able  to  utilize  and  have 
experience  in  (1)  developmental 
tools  in  MS  Visual  Studio  6.0  & 
Visual  Studio.Net  (C#  &  VB.Net), 
Visio  &  Crystal  Reports;  (2) 
database  technologies  in  MS 
SQL  Server  7.0/MS  SQL  Server 
2000;  (3)  XML,  UML  &  object- 
oriented  technology;  &  (4)  plat¬ 
forms  Win  2000  (Professional/ 
Server/Advanced  Server).  Must 
be  able  to  utilize  and  have 
knowledge  of  Web  Services 
(.Net).  Must  possess  a  Master's 
degree  or  equivalent  in 
Computer  Sc.  or  Computer 
Engrg.;  and  6-mth  experience  in 
job  offered  or  6-mth  experience 
as  Software  Engr.  or  Software 
Developer.  $70,000/yr;  8am- 
5pm;  40  hrs/wk;  M-F.  Send  2 
resumes  to  HR101,  Travel 
Services  International,  Inc.  dba 
MyTravel  USA,  220  Congress 
Park  Dr.,  Delray  Beach,  FL 
33445. 


Programmer  Analyst, 
Austin,  TX  -  Develop,  pro¬ 
gram  and  test  custom  inter¬ 
faces  and  data  conversion 
programs  for  information 
technology  company. 

Client  Support  req’d.  BS  in 
Computer  Science  or  relat¬ 
ed  field.  Salary  commensu¬ 
rate  with  exp.  40  hrs/wk, 
8:30  AM  -  5:30  PM,  M  -  F. 
Mail  resume  to:  Info  Tech, 
Inc.,  5700  SW  34th  Street, 
Suite  1235,  Gainesville,  FL 
32608.  EEO  M/F/V/D 
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Spending 

in  2004  to  remain  flat  with 
this  year’s  spending  level. 

On  average,  IT  spending 
will  amount  to  about  3%  of 
corporate  revenue  next  year, 
predicted  Stamford,  Conn.- 
based  Meta.  That’s  down  from 
the  boom  years  of  the  dot-com 
era.  But  Howard  Rubin,  Meta’s 
executive  vice  president,  not¬ 
ed  that  IT  spending  as  a  per¬ 
centage  of  revenue  was  even 
lower  before  the  boom  helped 
fatten  those  figures. 

“Companies  are  finding 
they  can  run  their  operations 
at  a  lower  level  [of  spending],” 
he  said.  “It’s  almost  like  a  mar¬ 
ket  correction.” 

Rubin’s  assessment  maps 
with  the  situation  at  Eastman 
Chemical  Co.  in  Kingsport, 
Tenn.  CIO  Jerry  Hale  said  the 
chemicals  maker  plans  to 


shave  its  2004  IT  budget  by 
10%  compared  with  this  year’s 
allocations,  while  continuing 
to  maintain  existing  support 
for  its  business  operations. 

During  2004,  Eastman  will 
focus  on  maximizing 
the  value  of  its  pre¬ 
vious  investments  in 
manufacturing-exe¬ 
cution  and  ERP  sys¬ 
tems,  a  data  ware¬ 
house  and  a  corpo¬ 
rate  Web  portal, 

Hale  said. 

But  the  spending 
cutbacks  made  by 
many  companies 
during  the  past  few 
years  could  eventually  have  a 
whiplash  effect  on  IT  depart¬ 
ments,  said  Tom  Pisello,  presi¬ 
dent  and  CEO  of  Orlando- 
based  Alinean.  According  to 
Pisello,  corporate  business 
units  have  resorted  to  creating 
“shadow”  IT  departments  to 
launch  pet  projects  that  have 


been  stalled  by  IT  budget  cuts 
(see  “Dealing  With  Rogue  IT,” 
Page  27).  Eventually,  IT  man¬ 
agers  could  become  responsi¬ 
ble  for  maintaining  the  sys¬ 
tems  installed  by  business 
units,  he  said. 

Tom  Murphy,  CIO 
at  Royal  Caribbean 
Cruises  Ltd.  in  Mia¬ 
mi,  said  he  expects 
the  company’s  ongo¬ 
ing  IT  support  costs 
to  rise  5%  in  2004, 
while  capital  spend¬ 
ing  should  see  a 
spike  of  10%  to  15%. 
The  increase  in  capi¬ 
tal  investments  will 
be  driven  by  a  continuation  of 
the  cruise  line’s  efforts  to  re¬ 
vamp  its  supply  chain,  install 
middleware  on  ships  and  at 
shoreside  facilities,  and  imple¬ 
ment  new  customer-facing 
systems  “to  help  us  be  easier 
to  do  business  with,”  he  said. 

As  the  information  systems 


director  at  Holiday  Retire¬ 
ment  Corp.  in  Salem,  Ore., 
Steve  McDowell  is  in  the  envi¬ 
able  position  of  expecting  his 
IT  budget  to  swell  by  25%  to 
30%  next  year.  That’s  because 
the  operator  of  270  retirement 
facilities  in  the  U.S.  and  Cana¬ 
da  still  has  to  automate  many 
of  its  operations,  he  said. 

For  example,  daily  updates 
on  the  arrivals  and  departures 
of  the  senior  citizens  that  Hol¬ 
iday  Retirement  houses  are 
now  done  manually  and  sent 
via  overnight  delivery  to  com¬ 
pany  headquarters.  Next  year, 
the  company  hopes  to  use  its 
J.D.  Edwards  &  Co.  ERP  sys¬ 
tem  to  automate  that  process, 
with  IBM’s  Notes  software  as 
a  front-end  application. 

Rubin  said  some  companies 
will  continue  to  “spend  money 
to  save  money,”  such  as  invest¬ 
ing  in  server  consolidation 
projects  to  bring  down  hard¬ 
ware  purchasing,  leasing  and 


maintenance  costs.  But  many 
IT  departments  that  have  been 
cost-focused  in  the  past  three 
years  are  likely  to  pad  their  in¬ 
vestments  in  CRM  technology 
to  help  grow  revenue  as  con¬ 
sumer  confidence  begins  to 
pick  up  steam,  he  added. 

Even  so,  most  companies 
likely  will  continue  to  take  a 
“piecemeal  approach”  to  CRM 
rollouts  and  other  complex 
projects  instead  of  laying  out 
money  on  big-ticket  installa¬ 
tions,  said  Stephen  Minton,  an 
analyst  at  Framingham,  Mass.- 
based  IDC.  I 


MORE  ONLINE 

Hiring  to  remain  flat:  Most  CIOs  surveyed 
by  Robert  Half  Technology  don’t  expect  their 
IT  staffing  levels  to  change  in  Q4: 

QuickLink  40966 


From  the  archives:  In  July,  we  reported 
that  CIOs  were  using  the  economic  lull  to 
figure  out  what  investments  to  make  when 
the  economy  picks  up: 
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Symphony 

tight  right  now”  and  also  ques¬ 
tioned  whether  provisioning 
technologies  that  automatical¬ 
ly  reroute  data  traffic  might 
affect  the  system  configura¬ 
tions  that  IT  architects  have 
set  up  to  run  applications  on 
specific  servers. 

The  provisioning  tools  be¬ 
ing  developed  by  IBM  are 
based  on  technology  that  it 
picked  up  through  a  May  ac¬ 
quisition  of  Toronto-based 
software  vendor  Think  Dy¬ 
namics  [QuickLink  38454]. 
IBM’s  planned  rollout  follows 
announcements  of  data  center 
provisioning  technologies  and 
services  by  HP  and  Sun  as  part 
of  their  respective  Utility  Data 
Center  and  N1  initiatives. 

But  IBM  would  be  the  first 
major  vendor  to  actually  come 
to  market  with  software  that 
gives  users  the  ability  to  pro¬ 
vision  server  resources  on  the 
fly,  said  Richard  Fichera,  an 
analyst  at  Forrester  Research 


Inc.  in  Cambridge,  Mass. 

“This  is  a  really  important 
capability  for  anybody  at¬ 
tempting  to  do  virtualized 
data  centers,”  he  said.  “If  IBM 
can  truly  do  what  they’re 
claiming,  this  raises  the  bar  for 
other  players.” 

But  it  likely  will  take  years 
for  IBM  and  its  rivals  to  fully 
flesh  out  the  provisioning 
functionality,  Fichera  added. 
IBM  needs  to  prove  that  its 


tools  work,  “and  then  start 
working  through  the  list  of  ap¬ 
plications  that  people  have 
trouble  managing,”  he  said. 

Pricing  could  also  be  an  ob¬ 
stacle  for  some  users.  IBM 
said  Intelligent  Orchestrator 
will  start  at  less  than  $20,000, 
but  total  costs  for  wider  roll¬ 
outs  of  Symphony  products 
and  services  could  reach  sev¬ 
eral  million  dollars  for  compa¬ 
nies  with  large,  distributed 


computing  installations. 

The  Symphony  software 
will  support  multivendor 
computing  installations  and 
standards  such  as  XML,  the 
Open  Grid  Services  Architec¬ 
ture,  Java,  the  Simple  Network 
Management  Protocol  and 
SOAP,  said  Jocelyn  Attal,  a 
vice  president  at  IBM.  The 
tools  will  be  able  to  gather  in¬ 
formation  about  the  applica¬ 
tions  that  a  company  is  run- 


Sun  Adds  Remote  Monitoring  Service,  With  a  Pricing  Twist 


Sun  has  started  offering  its  top 
customers  a  remote  network 
monitoring  service  under  which 
the  vendor  captures  data  about 
a  company’s  use  of  computing 
resources  and  recommends 
ways  to  optimize  processing. 

Over  the  next  two  years,  Sun 
hopes  to  sign  up  70%  of  the 
corporate  users  it  does  business 
with  directly  to  use  the  remote¬ 
monitoring  capabilities,  said 
Vivek  Joshi,  vice  president  of 


strategies  at  the  company’s  Sun 
Services  unit. 

Pricing  for  the  service,  which 
is  based  on  a  Sun-developed 
monitoring  technology  called 
NetConnect,  will  be  handled  on 
a  customer-by-customer  basis, 
Joshi  said.  Companies  with 
“well-managed”  systems  will  get 
price  discounts  that  won’t  be 
made  available  to  users  that 
don’t  do  such  a  good  job  of 
managing  their  IT  infrastruc¬ 


tures,  he  added. 

“It’s  the  same  notion  as  health 
insurance,”  Joshi  said.  “If  you 
take  care  of  yourself  well,  you'll 
benefit  financially  and  opera¬ 
tionally.”  As  part  of  the  plan,  he 
said,  Sun  will  use  a  risk  profile  it 
has  developed  to  evaluate  IT  op¬ 
erations  at  customer  sites  and 
then  create  a  “wellness  index” 
for  determining  how  to  price  the 
remote-monitoring  service. 

-Thomas  Hoffman 


ning  “and  develop  a  workload 
model  based  on  resource  re¬ 
quirements,”  she  added. 

In  an  initial  project,  IBM  it¬ 
self  is  using  Intelligent  Or¬ 
chestrator  to  help  manage 
traffic  spikes  on  the  servers 
that  are  supporting  the  Web 
site  for  the  U.S.  Open  tennis 
tournament,  which  is  being 
held  in  Flushing  Meadow, 

N.Y.,  through  Sept.  7.  IBM  is 
managing  IT  operations  at  the 
tournament  for  the  United 
States  Tennis  Association. 

Amy  Wohl,  an  analyst  at 
Wohl  Associates  in  Narberth, 
Pa.,  said  that  IBM,  HP  and  Sun 
are  all  well  positioned  in  the 
emerging  market  for  data  cen¬ 
ter  provisioning  tools. 

“Customers  want  to  go  to  an 
IBM,  HP  or  Sun  to  help  them 
deal  with  their  messy  hetero¬ 
geneous  environments,”  Wohl 
said.  “They  don’t  want  to  buy 
this  from  12  different  niche 
vendors.”  > 


Robert  McMillan  of  the  IDG 
News  Service  contributed  to 
this  story. 
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FRANK  HAYES  ■  FRANKLY  SPEAKING 

New  Work  World 


ON  THIS  LABOR  DAY  2003,  what’s  the  state  of  IT  work? 

According  to  the  numbers,  it’s  not  quite  as  bad  as  it 
could  be  —  but  it’s  still  pretty  grim.  A  report  out  last 
week  from  Robert  Half  Technology  says  that  only  4% 
of  CIOs  plan  to  cut  IT  staff  by  the  end  of  the  year  (see 
story,  QuickLink  40966).  Then  again,  only  9%  plan  on  adding  IT 
staff.  That’s  not  exactly  a  roaring  IT  job  market. 

But  dig  a  little  deeper,  and  you’ll  find  that  the  big  story  isn’t  in  the 
statistics.  It’s  in  what  companies  want  from  IT  people  going  forward: 
real  business  experience  to  go  along  with  technology  expertise. 


That’s  what  CIOs  are  telling  U.S.  colleges  and 
universities  they  need  from  computer  science 
graduates,  according  to  a  recent  Computerworld 
survey  [QuickLink  40537].  Those  CIOs  say  they 
don’t  want  to  hire  fresh-faced  geniuses  who 
have  mastered  the  latest  tech  but  are  clueless 
about  real-world  business  needs. 

And  CIOs  are  putting  in  more  time  and  effort 
than  ever  before  to  help  shape  computer  sci¬ 
ence  curricula,  so  they’ll  have  a  better  chance 
of  getting  future  IT  employees  with  the  busi¬ 
ness  and  communications  skills  they  need. 

That’s  the  state  of  IT  work  today:  Purely 
technical  work  is  out,  and  being  a  pure  technol¬ 
ogist  won’t  cut  it  in  corporate  IT  shops  any¬ 
more.  From  here  on  in,  the  relentless  focus  for 
IT  work  is  on  the  business. 

But  that  shouldn’t  be  a  surprise.  We’ve  been 
talking  about  the  importance  of  aligning  IT 
with  business  needs  for  a  long  time.  We’ve  been 
offloading  pure  technology  jobs  for  even  longer 
—  that’s  why  Microsoft,  SAP  and  Oracle  build 
our  software,  just  as  IBM,  Sun,  Dell  and  Cisco 
build  our  hardware.  And  increasingly,  the  rest 
of  our  pure  technology  work  will  be  done  by 
outsourcers. 

So  what  work  is  left  for  IT  people 
to  do?  Plenty. 

Right  now,  users  struggle  with 
our  systems.  They  struggle  because 
we  can’t  keep  up  with  them.  Busi¬ 
ness  conditions  change.  Business 
opportunities  appear  and  vanish. 

Our  users  react  in  real  time  — 
changing  the  way  they  do  business 
to  meet  those  constantly  shifting 
situations. 

But  our  systems  don’t  change  to 
match  those  changes  in  our  busi¬ 
ness  processes.  Forget  about  real 
time  —  we’re  lucky  if  we’re  just 


months  behind  in  tracing  those  changes.  Some¬ 
times  we’re  years  behind. 

Result:  Users  have  to  work  around  those  gaps 
where  systems  don’t  match  processes.  And 
those  work-arounds  cost  time  and  money  — 
and  sometimes  lost  business. 

And  often  enough  we  don’t  even  know 
there’s  a  problem.  Far  too  many  IT  people  fig¬ 
ure  their  job  is  done  if  a  system  meets  the  spec¬ 
ification  or  the  service-level  agreement  —  nev¬ 
er  mind  whether  it  matches  the  real  business 
process.  And  too  many  IT  people  don’t  have 
enough  contact  with  users  to  find  out  what  the 
real  business  processes  look  like  anyway. 

How  do  we  solve  those  problems  and  close 
those  gaps?  We  need  to  understand  our  busi¬ 
nesses  better.  We  need  to  communicate  with 
users.  And  ironically,  we  need  more  and  better 
technology  skills  —  that’s  the  only  way  we  can 
assemble  systems  that  are  flexible  enough  so 
we  can  continuously  retool  them  to  match  con¬ 
stantly  changing  business  processes. 

Yes,  that’s  right:  The  only  way  IT  people  can 
stay  relentlessly  focused  on  the  business  is  by 
being  even  better  when  it  comes  to  technology. 

Making  all  this  happen  won’t  be  simple.  For 
lots  of  us,  it  won’t  be  comfortable. 
And  even  if  we  get  it  right,  it  will 
never  be  orderly  or  tidy.  Business 
doesn’t  work  that  way.  We’ll  be 
carving  order  out  of  continuous 
change.  We’ll  be  wrestling  technol¬ 
ogy  into  place  one  day  to  support 
business  processes  that  may 
change  the  next. 

But  that  really  is  what’s  needed. 
So  forget  the  statistics,  and  start 
bearing  down  on  that  business 
problem.  Because  when  it  comes  to 
the  state  of  IT  work,  we’ve  got  our 
work  cut  out  for  us.  B 
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there  from  the 
warehouse.” 


Recovery  Disaster 

The  big  blackout  hits,  but  power  from  UPSs  lets  this 
pilot  fish  shut  things  down  properly  in  the  server  room. 
Next  day,  Ifctric  service  is  restored  -  but  now  fish  is 
locked  out  of  the  server  room.  “The  computer  room 
door  has  a  key-card  lock,  and  the  PC  controlling  it  did 
not  reboot  properly  and  won't  open  the  door,"  fish 
groans.  “Several  hours  later,  a  key  is  located.  Our  dis¬ 
aster  plans  now  include  the  key  to  the  server  room.” 

That’s  Why 

Everything  is 
ready  to  roll  out 
this  company’s 
new  digital  video 
system  -  IT  is  just  wait¬ 
ing  for  the  VP  who’s  or¬ 
dering  the  dozen  PC- 
controlled  videotape 
recorders.  “I  got  a  great 
deal!”  VP  brags  when 
they  arrive.  “These  were 
half  the  price  of  the 
model  you  guys  suggest¬ 
ed.  I  don’t  know  what 
you  were  thinking!”  But 
fish  knows.  “When  it 
came  time  to  plug  them 
in,”  he  says,  “we  discov¬ 
ered  they  didn’t  have  the 
necessary  connectors  to 
plug  into  the  PCs!” 


Priorities, 
Priorities 

When  this  executive’s 
PC  stops  working,  sup¬ 
port  pilot  fish  patiently 
explains  that  the  exec 
really  shouldn’t  have 
deleted  dozens  of  critical 
Windows  system  files. 
But  a  week  later,  it  hap¬ 
pens  again.  And  when 
fish  asks  why,  exec  ex¬ 
plains,  “Oh,  I  needed  to 
make  room  for  some  big 
spreadsheets,  and  my 
files  are  much  more  im¬ 
portant  than  those.  Why 
doesn’t  the  computer 
still  work?” 


Optimized  for  Ego 

This  hospital  needs  of¬ 
fice  space,  so  program¬ 
mers  are  bumped  to  an 
office  building.  It  takes  a 
few  years,  but  eventually 
a  VP  visits  and  notices 
that  IT  has  nicer  digs 
than  he  does.  So  IT 
moves  again  -  this  time 
to  an  old  warehouse 
with  chain-link  cubicles 
that  formerly  held  sup¬ 
plies  and  old  equipment. 
“It  felt  like  going  to  work 
in  a  jail,”  says  pilot  fish. 
But  some  documentation 
is  discovered  missing,  so 
one  programmer  goes 
back  to  the  old  office 
looking  for  it.  What  does 
he  find  in  the  nice  old 
space?  Says  fish,  “All 
the  junk  that  was  moved 


!  It’s  All  in  the 
I  Specifications 

!  This  executive  hasn’t 
j  used  her  PC  at  ail  in  the 
j  past  two  years,  and  now 
|  she  says  she  wants  a 
j  laptop  to  take  work 
|  home.  Finance  pilot  fish 
j  is  trying  to  help  her 
|  specify  what  she  needs 
j  so  he  can  order  the  right 
j  machine.  But  exec  turns 
I  down  every  model  fish 
j  proposes.  Finally,  she 
j  suggests  “the  purple 
j  one.”  The  purple  one? 

!  fish  asks.  “She  had  re- 
i  ceived  a  Dell  ad  showing 
1  a  laptop  with  colored 
j  pads  for  the  front  cor- 
I  ners,”  sighs  fish.  “The 
j  purchase  order  read: 

!  ‘Dell  laptop,  purple.’  It 
i  was  approved  instantly.” 


OFEED  THE  SHARK!  Send  your  true  tale  of  IT  life  to 
sharky@computerworld.com.  You  snag  a  snazzy 
Shark  shirt  if  we  use  it.  And  check  out  the  daily  feed,  browse 
the  Sharkives  and  sign  up  for  Shark  Tank  home  delivery  at 

computerworld.com/sharky. 
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Linux  is  in  the  on  demand  world 


We  can.  That’s  why  IBM  has  devoted  a  tremendous  amount  of  resources  to  Linux 
We  have  over  7000  IBMers  working  on  Linux-related  projects.  Thousands  of  Linux 
customer  engagements.  And  more  Linux-enabled  software  than  anyone.  To  learn 
more  about  IBM,  Linux  and  visit  ibm.com/linux/seeit 


IBM.  the  ebusiness  logo  and  e-business  on  demand  ate  trademarks  or  registered  trademarks  of  International  Business  Machines  Corp.  in  the  United  States 
and/or  other  countries:  Linux  is  a  registered  trademark  of  Linus  Torvalds  in  the  United  States  and/or  other  countries.  '  2003  IBM  Corporation.  All  rights  reserved. 
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Er  erprise  Intelligence  j  Supplier  Intelligence  |  Organizational  Intelligence  |  Customer  Intelligence  |  Intelligence  Architecture 


Deliver  tailored, 
mission-critical 
business  intelligence. 


With  decision  authority  distributed  across  business  units,  how 
can  you  quickly  provide  each  one  with  precise  and  reliable 
intelligence?  And  ensure  that  all  decisions  are  aligned  with 
strategic  goals?  SAS*  software  brings  you  an  integrated  archi¬ 
tecture-complete  with  targeted  interfaces  -  that  allows  different 
users  to  tailor  information  access,  analysis  and  reporting  to  fit 
their  skills  and  requirements.  This  centralized  approach  lets 
you  share  cleansed  and  relevant  data  from  throughout  your 
enterprise,  while  retaining  control  over  data  consistency  and 
quality.  Put  27  years  of  SAS  technology  leadership  to  work  for 
you.  Call  toll  free  1  866  270  5728.  Or  visit  our  Web  site  for  a 
free  white  paper  and  interactive  tour. 


www.sas.com/bi 


The  Power  to  Know, 


www.ltexecuttvesummit.com/bl 

See  us  at  Computerworid’s  IT  Executive  Summit  on  Business  Intelligence 
September  23  in  new  york  September  25  in  san  francisco 


SAS  and  all  other  SAS  Institute  Inc.  product  or  service  names  are  registered  trademaifts  a  trad'  •rnarKs  of  SAS  Institute  Inc.  in  the  USA  and  other  countries.  ®  indicates  USA  registration.  ©  2003  SAS  Institute  Inc.  All  rights  reserved.  247820US.0803 


